Wells Fargo Insurance Services USA, Inc.
EMERGING EXPOSURES NOT INSURED BY SC INSURANCE RESERVE FUND
2015 GFOASC Fall Conference
Myrtle Beach, S.C. March 15, 2015
Presented by Greg Jones
Senior Vice President
Wells Fargo Insurance Services
843-573-3560 [email protected]
AGENDA
Introduction
Basic Coverages from IRF
Changing Legal Landscape
Emerging Exposures & Insurance
-Employment Practices Liability example
Available insurance for uninsured exposures
-Fiduciary
-EPL & Management liability
-Pollution liability
-Cyber Liability
Common “gaps and gotcha’s”
Q & A
Introduction to SC IRF
Only state owned insurance company in US
Standardized forms in 1985/86
Limited Eligibility
Generally good, basic insurance coverage
Very limited flexibility
Not rated by AM Best
Now part of State Fiscal Accountability Authority
South Carolina Insurance Reserve Fund
Basic Coverages from IRF
Buildings & personal property
Data processing equipment
Business Interruption/Extra Expense
Builder’s Risk
Inland Marine (“floaters”)
General Tort Liability (i.e. Commercial General Liability)
Medical Professional Liability
Auto liability & physical damage
School Activity Vehicle Coverage
Underground Storage Tank coverage
Prepaid legal
CHANGING LEGAL LANDSCAPE
TYPES OF LEGAL LIABILITY
TORTS: NEGLIGENCE, INTENTIONAL TORTS, STRICT LIABILITY, ABSOLUTE LIABILITY
CONTRACTS: ASSUMPTION OF LIABILITY, BREACH OF CONTRACT
STATUTES: MODIFY COMMON LAW
Brief History of Employment Practices Liability
1991
“Tailhook” scandal
Clarence Thomas Hearings
1991 Civil Rights Act
LEGAL LANDSCAPE
STATUTORY BASIS (FEDERAL)
Title VII of the Civil Rights Act
race, gender, religion, national origin, etc.
Includes same sex harassment
Allows for Jury trial
Compensatory & Punitive damages capped
Age Discrimination in Employment Act (ADEA)
Americans with Disability Act (ADA)
Family and Medical Leave Act (FMLA)
Pregnancy Discrimination Act
Equal Pay Act
COMMON LAW
Breach of Contract
Wrongful termination
Negligent and Intentional infliction of emotional distress
Defamation
Invasion of Privacy
Negligent Hiring/Supervision
Misrepresentation
Common EPL claims
Wrongful Dismissal, Discharge or Termination
Breach of Employment Contract
Harassment
Racial, Gender, Age, National Origin, Religion, Sexual Orientation, Pregnancy or Disability Discrimination
Retaliation
Employment Related Misrepresentation or Personal Injury (libel / slander / defamation)
Wrongful Failure to Employ or Promote
Deprivation of Career Opportunity
Negligent Employee Evaluation
Wrongful Discipline
Failure to grant tenure
Violation of Civil Rights
Client and Customer Claims for Discrimination and Harassment
HISTORY OF EPLI
First Policy Created in 1985
Interest Grows in 1992
Current Environment
-Stand alone EPL
-Combination with D&O/Management Liability
-Endorsement to Commercial General Liability
GAPS IN EPL COVERAGE
S.C. Insurance Reserve Fund
Tort Policy covers “personal injury” claims
Covers “discrimination on basis of race, sex, age, religion, or handicap”
Excludes “retaliation” (1998)
Can purchase Pre-paid Legal Defense coverage
WHAT IS A CLAIM UNDER AN EPLI POLICY?
EPLI Policies are Claims-Made Policies. Claims have to be reported “as soon as practicable” - during the policy period.
CLAIM may be:
1. Written demand for Monetary Damages
2. Administrative Charge - EEOC or similar state agency charge of discrimination
3. A civil lawsuit
4. Demand for arbitration
COMMON EXCLUSIONS
Prior Notice
Pending & Prior Litigation Date (includes administrative charges)
Bodily Injury/Property Damage
OSHA/Workers’ Compensation
Disability/Unemployment Compensation
ERISA/Breach of Fiduciary
National Labor Relations Act
Fair Labor Standards Act/Similar State Wage & Hour Claims
Breach of Express Written Contract
Costs of Physical Modifications under ADA
WHAT ARE THE “GOTCHA’S”?
Claims-made and Reported
-Need incident reporting
-Potential Issues at each renewal
-Very careful when changing insurers
-Notice/awareness provisions
Definition of employee
-Independent contractors?
-Leased/temporary employees?
-Volunteers?
Defense cost within limits
SIR vs. Deductible
Panel Counsel
Indemnity vs. “duty to defend”
Hammer clause
ERP or “tail” issues (“mini tail”)
Application a warranty?
Issues to Consider Prior to Purchasing an EPLI Policy
Limits/Self Insured Retention
Broad Definition of Wrongful Employment Act
Punitive damages coverage
Option to select defense counsel
Third party coverage - Covers Claims brought by vendors, clients, customers or other non-employees
Amended Reporting Provision - Risk Manager/General Counsel & Human Resources + “mini tail” provision
Full prior acts coverage
Bordereaux Reporting
Risk management tools
Other Available Insurance
Coverages from Commercial Insurance
Fiduciary liability (ERISA 1974)
EPL & Management Liability (1991 & 2000)
Pollution liability (1988-89)
Cyber Liability (2010)
Cyber Liability Insurance
Coverages Available
-3rd Party Liability for Privacy breach, Network Security, or Regulatory
-1st Party Coverage for Privacy notification, crisis management, credit monitoring and forensics.
-Other 1st Party Options: cyber extortion, business interruption, data restoration.
Limits Available-Two Approaches
-One limit with “fund” sublimits
-Number of Persons notification approach
Marketing Summary
CARRIER | LIMIT OF LIABILITY | RETENTION (Each Claim) | ANNUAL PREMIUM
ACE USA (Indication Only) | $3,000,000 | $250,000 | $85,000 - $105,000
ACE USA (Indication Only) | $5,000,000 | $250,000 | $115,000 - $135,000
Axis Insurance Co. (Non-admitted) | $1,000,000 | $250,000 | $48,291
Axis Insurance Co. (Non-admitted) | $3,000,000 | $250,000 | $102,417
Axis Insurance Co. (Non-admitted) | $5,000,000 | $500,000 | $145,923
Chartis (Admitted) | $1,000,000 | $150,000 / $250,000 | $46,601
Chartis (Admitted) | $3,000,000 | $150,000 / $250,000 | $78,000
Chartis (Admitted) | $5,000,000 | $250,000 / $250,000 | $122,000
Federal Insurance Co. (Chubb) | No response as of 1/4/11 | N/A | N/A
Beazley (Non-admitted) | $3,000,000 | $100,000 | $88,413
Beazley (Non-admitted) | $5,000,000 | $100,000 | $122,137
Beazley (Non-admitted) | $10,000,000 | $250,000 | $182,294
C.N.A (Non-admitted) | $1,000,000 | $100,000 | $46,050
C.N.A (Non-admitted) | $3,000,000 | $100,000 | $97,755
C.N.A (Non-admitted) | $5,000,000 | $250,000 | $127,565
Zurich (Admitted) | $1,000,000 | $250,000 | $43,433
Zurich (Admitted) | $3,000,000 | $250,000 | $65,877
Zurich (Admitted) | $5,000,000 | $500,000 | $91,645
Legal Issues & The Regulatory Environment
Legislation has now imposed affirmative duties on companies as to how they handle data, principally client/customer information:
Gramm-Leach-Bliley Act: Requires financial institutions to safeguard customers’ records and information against unauthorized access. Imposes major privacy and security requirements on financial services companies.
Health Insurance Portability and Accountability Act (HIPAA): Healthcare organizations required to safeguard individually identifiable health information. Imposes penalties on organizations that violate HIPAA (further amended by the HITECH Act).
California SB1386: A California law requiring companies to notify their CA customers and employees of computer security breaches. The law applies to any business that stores customer and employee information electronically even if the company is not based in the Golden State.
Privacy Breach Notification Laws: Spreading of California SB 1386; adopted by 47 states as of December 2010. Duty to notify customers where consumer/customer information has been compromised (electronic or non-electronic means, state legislation varies).
Massachusetts Privacy Law 201 CMR 17.00: This law is the first state law to require specific technology when protecting personal information. If you do business with residents in MA or have employees that reside in MA, compliance is mandatory by March 1, 2010.
Legal Issues and The Regulatory Environment
PCI Security Standards: The standards globally govern all merchants and organizations that store, process or transmit cardholder data. PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council (PCI fines not generally covered under insurance policies).
FACTA (Fair and Accurate Credit Transactions Act): Prohibits businesses from printing more than 5 digits of any customer’s credit card number or card expiration date on any receipt issued at a point of sale. For machines in use before 1/1/05, the merchant has 3 years to comply. For machines in use after 1/1/05, the merchant has one year to comply.
Red Flag Rules: Established by FACTA, requires financial institutions or creditors to develop and implement an Identity Theft Prevention Program in connection with both new and existing accounts. The program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft.
Federal HITECH Act – health plans, health care providers and health care clearinghouses (i.e. covered entities), among other things, must review and update their business associate agreements, as well as their privacy and security policies and procedures. Requires that any data breach event exceeding 500 records be reported to the Department of Health and Human Services.
What Should You Be Asking?
Have we analyzed our cyber liabilities?
What legal rules apply to the information we maintain or that is kept by vendors, partners and other third parties? The laws surrounding breaches are complex.
Have we assessed our legal exposure to governmental investigations?
Have we assessed our exposure to suits by our customers, vendors or suppliers?
Have we protected our organization in contracts with vendors?
What laws apply in different states and countries in which we conduct business?
Do we have adequate staffing to reasonably maintain and safeguard our important assets and processes?
Have we prepared an incident response plan and business continuity plan?
Do we have a documented, proactive crisis communications plan?
It is critical to have a solid incident response plan in place prior to any security or privacy breach.
** Questions supplied by “The Financial Impact of Cyber Risk” publication – American National Standards Institute (ANSI) and Internet Security Alliance.
Vendor Management & Requirements
IT/Software Companies
Request Tech E&O to include network security/privacy coverage
Some Tech E&O policies have security/privacy exclusions
Other Business Services – Payroll, Auditors
Request appropriate E&O coverage to include network security/privacy
Credit Card Processors/Acquiring Banks
Request Network Security/Privacy Coverage
Other Vendors that interact with your systems or sensitive information, or handle information on your behalf
Request Network Security/Privacy Coverage
What Can Be Covered Under a Network Security & Privacy Policy?
Breach of Security: Your liability to third parties arising out of a failure of your network security that results in a computer attack. Such failure can be caused by unauthorized access or use, transmission of a computer virus or a denial of service attack.
Invasion of Privacy: Your liability arising from disclosure and release of confidential or personally identifiable information stored on your computer system caused by a failure of your network security.
Enterprise Privacy: Your liability arising from any breach of privacy including violations of HIPAA, GLB or any state, federal or foreign privacy protection law (including regulatory defense expenses, notification expenses, credit monitoring, crisis management expenses)
Identity Theft: Your liability arising from theft of personal information of your employees, customers or clients.
Cyber Extortion: Protection against threats or demands made against you involving your computer network.
Internet Media: Defamation, Libel and Slander/Personal Injury – Liability arising out of the content disseminated on your Internet site; includes intellectual property infringement exposures
Business Interruption: Business Interruption losses sustained by you arising from the interruption or suspension of your computer network, due to failure of security (including extra expenses)
Data Asset Coverage: Information asset protection for you for property losses involving data, computer systems and information assets arising from a computer attack.
Enterprise Privacy Coverage
Non-network Privacy Breaches: What happens if a breach, which exposes confidential information, does not arise out of a failure of security of your computer system? i.e. paper, PDAs, lost data tapes.
Accountability For Outside Vendors: Your liability arising from others working on your behalf (those which you are legally responsible for).
Employee Privacy Exposure: What happens if a breach causes your employees’ confidential information to be compromised?
Regulatory Defense Expenses: Defense costs involved with a regulatory proceeding, a request for information, demand, suit or civil investigation by or on behalf of a government agency arising from allegations of violation of a privacy regulation (may include coverage for fines & penalties and related consumer redress fund expenses)
Notification Expenses: Costs to notify your customers/clients of security or privacy breaches. Most insurers will provide a sub-limit of coverage to assist with these expenses.
Credit Monitoring Expenses: Costs to provide your customers/clients with credit monitoring services as a result of privacy violation, if you have the duty to provide.
Crisis Management Expenses: Reasonable and necessary expenses incurred by you and approved by the Insurer in retaining the services of a public relations firm, law firm for advertising or related communications to assist with mitigating harm to your reputation.
* Regulatory Expenses, Notification Expenses, Credit Monitoring and other Crisis Management Expenses are generally offered on a sub-limited basis and vary by carrier.
Common Features & Gotcha’s of Additional Coverages
Generally proactive risk management (EPL, Cyber, pollution)
Claims-made & reported
Panel counsel requirement
Limits
-Defense costs inside limits
-Various coverages subject to sublimits
Other Commonly Seen Coverages
Coverages Available
Employee dishonesty/Faithful performance bond
Volunteer Accident Coverage
Educator’s E&O
Builder’s Risk
Project Specific Professional/Owner’s Protective Professional Liability
Special Events Policy
Excess liability coverage
SC IRF “Gaps & Gotcha’s”
Property
Off-premises service interruption
Coinsurance
Boiler & Machinery limits = $5MM
Business Interruption
Off-premises service interruption
Builder’s Risk
Only owner’s interest, coinsurance, no waiver of subrogation
Tort Policy
No vicarious coverage for independent contractors
No contractual coverage
QUESTIONS?