December 2010 Risk Management 101: Changing World / Changing Exposures / Changing Insurance Needs
The Changing Face of the World and Risk Management 1970’s 2010
The Changing Face of the World and Risk Management 1970’s 2010 $4 $82
The Changing Face of the World and Risk Management 1970’s 2010 • Human Capital Risk • Intellectual Property • Employment Practices • Emergency Response Planning • Auto • Terrorism • Technology • Property • Workers Comp • Identity Theft • Environmental Risk • Pandemic • General Liability • Directors & Officers • Products Liability • Credit Risk • Cyber Risk • Political Risk • ERM
Property Insurance Coverage and Services Property Damage (PD) Building Builders Risk Contents Stock Property of Others Installment Sales Leased Equipment Underground Property Docks or Wharves Dams or Dikes Defense Costs Debris Removal Demolition Increase Cost of Construction Pollution Expediting Expenses Fire Extinguishing Expenses Exhibits Brands and Trademarks Pairs or Sets Loss Adjustment Expenses Earthquake Flood Boiler & Machinery Consequential Loss Transit Parcel Post EDP Equipment and Media Valuable Papers Accounts Receivable Newly Acquired Property Unnamed Locations Fine Arts Service Interruption - PD Vacant Building Control of Damaged Merchandise Transmissions and Distribution Lines Rolling Stock Tenants and Neighbors Liability Devaluation Coinsurance Deficiency Tax Liability Tax Treatment of Profits Computer Virus Property Off-site Mobile Equipment Time Element (TE) Business Interruption (BI) Builders Risk BI Soft Costs Transit BI Ordinary Payroll Interdependency Worldwide Extended Period of Indemnity Extra Expense (EE) Research and Development Rental Value Building Laws Building Laws Contingent BI Worldwide Leader BI Contingent EE Worldwide Leasehold Interest Royalties Impounded Water Civil or Military Authority Service Interruption - TE Ingress/Egress Services Property Loss Control Business Continuity Planning Captive Management Asset Valuation Services Catastrophe Assessment Forensic Accounting
Casualty Insurance Coverage • Automotive Liability • General Liability • Products Liability • Umbrella Liability • Excess Liability • Workers Compensation • Professional Liability (e.g. Medical Malpractice Liability, Accountants Errors and Omissions, Brokers Errors and Omissions) • Environmental Liability • Railroad Protective Liability • Marine Liabilities
Financial (FINPRO) Products Coverage • Directors & Officers (D&O) • Employment Practices Liability (EPLI) • Fiduciary • Crime • Information Security / Cyber Risk
What Is D&O Insurance? Definition • The policy protects the directors and officers and the corporation against financial loss caused by litigation brought against an Insured for an alleged Wrongful Act in their respective management capacity. • The policy will pay judgments, settlements and defense costs, subject to the deductible, terms and conditions of the policy.
Claimant Distribution For Public Companies Source: 2010 NERA
Claimant Distribution for Private Companies Source: 2010 NERA
Aggressive Regulatory Regime Rise in Derivative Claims • SEC Restructuring & Increased Funding • SEC Increasingly aggressive, with more focus on individual accountability • Expansion of SEC authority via Dodd-Frank • Aggressive FCPA Enforcement • Aggressive Plaintiffs Bar • Increased scrutiny of SLCs • Increase in judicial scrutiny of Non-Cash derivative settlements • Plaintiff attorney fees issues Where are the D&O claims coming from? A Marsh claims lawyer was involved in helping settle 25% of all securities class action claims in 2009.
Typical D&O Claim Trigger Events • Restating financial results (Revenue Recognition and accounting for reserves and contingencies are the most common). • Earnings that fail to meet projections/expectations. • Announcement that a product doesn’t work, wasn’t approved, or won’t be ready as planned. • Disclosure of a regulatory investigation into a company’s conduct. • Internal investigation of questionable practices by a current or former officer. • Inadequate disclosure regarding mergers, acquisitions or divestitures. In a merger or acquisition there are two sets of potential shareholder plaintiffs. • Unfair Trade Practices/Antitrust Actions – Competitor claims; regulatory complaints. • Creditor Claims – alleging misrepresentation, inadequate or inaccurate disclosure in financial reporting. • Employment-related Claims – Especially for Not-For-Profit Corporations.
Indemnification • State laws typically provide a basis to allow a company to indemnify persons who are agents of the company if they are acting in good faith, in the interests of the company, and had no knowledge of the illegality of their actions. • Indemnification may include directors, officers, or employees • Company bylaws typically outline the scope and procedures for indemnification: • Standard for directors and officers, but may extend to employees. • Review the bylaws to determine where you stand. • Why might a corporation be unable or not permitted to indemnify? • Financial insolvency • Derivative Claim: claim is brought on behalf of the corporation • Interpretation of “Good Faith”
Key Coverage Issues • Severability of the Exclusions: “The knowledge of one Insured shall not be imputed to any other Insured for the purpose of determining the applicability of the exclusions…”; Preferable: full severability of coverage for all exclusions, not just the “personal conduct” exclusions. • Severability of the Application and Attachments: “No knowledge or information possessed by any Insured person shall be imputed to any other Insured person to determine whether coverage should be available.” • Non-Rescission Clauses: “In consideration of the premium charged, it is agreed that notwithstanding anything in this policy to the contrary, the insurer shall not be entitled under any circumstances to rescind this policy with respect to Insuring agreement A only.” • “Final Adjudication” versus “In fact” wording: Fraud and Personal Profit exclusion. • Order of Payments Wording: (A/K/A “Priority of Payments” Clause).
Key Coverage Issues • Definition of Claim: Informal and formal investigations; administrative, civil and regulatory proceedings; criminal proceedings; monetary and nonmonetary relief; written demands; target letters. • “Arising out of” vs. “For”: Lead-in wording to the Bodily Injury/Property Damage Exclusion; Pollution Exclusion. • “Failure to Maintain Insurance” Exclusion: delete. • Professional Services and Product Recall Exclusions: Obtain carve-out for shareholder claims.
Increased Use of Advanced Analytics • What is D&O insurance meant to protect against? • What is the right amount of D&O insurance coverage? • What tools should I be utilizing to assist in making a decision?
What is Employment Practices Liability? • Any liability from an actual or alleged “Employment Practices Violation” by an employee, applicant or third party. • Employment Practices Liability (EPL) includes, but is not limited to, allegations of: • Discrimination • Harassment (sexual or otherwise) • Failure to provide equal opportunity of employment • Wrongful termination • Retaliation • Failure to employ or promote • Negligent evaluation • Libel, slander, humiliation • Infliction of emotional distress • Wrongful failure to provide or enforce corporate policies • Violation of an employee’s civil rights including: • Title VII of the Civil Rights Act • Americans with Disabilities Act (ADA) • Age Discrimination in Employment Act (ADEA) • Family and Medical Leave Act (FMLA) • Equal Pay Act (EPA)
Who is an Insured and What is a Claim? • The company and any employee including past, present, part time, seasonal, and temporary employees, volunteers, and applicants for employment are all insureds. • The definition of “claim” includes: • A written demand for monetary damages or other redress • An administrative proceeding • A lawsuit • A demand for arbitration or an alternative dispute resolution • An allegation that the insured harassed or discriminated against a nonemployee of the insured • EPL policies are written on claims made forms
EPL Hot Topics • Focus on Dukes v. Wal-Mart: If the Supreme Court agrees to hear the case and affirms the class certification, it will change the standards for assessment of punitive damages in class actions. Punitive Damages claim of $1B. • Dukes class action claim began with 1 single EEOC charge. Remember to notice your EEOC claims! • Workplace Bullying Legislation is pending in many states now. Employers are encouraged to address that in their Employee Handbooks and EPLI policies. • Misclassification of Employees: US DOL “Misclassification Initiative” targets employers who misclassify their employees as independent contractors rather than employees and will impose sanctions and penalties against those employers. Also, potential exposure for civil and criminal violations of wage and hour related laws. • Continued Increase in Wage and Hour Related Claims: These continue to be excluded under EPLI policies • EEOC Charges: • 2009: Second highest number of EEOC charges in history and recovered a record high $294M through administrative and enforcement actions • Notable increases in claims asserting discrimination based on religion, national origin and disability • Reasons for Increases: economic conditions, greater access to the EEOC by public, increased awareness of rights by employees, increased diversity and shift in workforce
EPL Hot Topics • EEOC Areas of Focus in 2010 and beyond: • Faster and efficient resolution of charges: More aggressive enforcement under the Obama administration, including increased budget • Systemic Initiative: Continued aggressive litigation strategy employed by EEOC • Employment Background Screening: Additional resources deployed on cases involving discriminatory use of credit reporting and other employment background check methodology in hiring, termination and other employment related decisions • Caregiver Discrimination: EEOC has reported an increase in claims by individuals alleging that they have been denied certain conditions of employment because of their status as a caregiver. • Pregnancy Discrimination Focus
EPL Claims Environment: EEOC Charge Statistics 2009 The number for total charges reflects the number of individual charge filings. Because individuals often file charges claiming multiple types of discrimination, the number of total charges for any given fiscal year will be less than the total of the eight types of discrimination listed.
What is Information Security Risk? The failure to safeguard confidential information (in any format) or the failure of your network security that results in: THIRD PARTY Legal liability to others for computer security and privacy breaches Identity theft Loss Mitigation Damages Card Re-issuance Theft / Destruction of Information Virus Transmission
What is Information Security Risk? The failure to safeguard confidential information (in any format) or the failure of your network security that results in: FIRST PARTY Your costs Forensic Investigation Crisis Management Statutory Compliance Voluntary Loss Mitigation Services (credit monitoring, ID theft repair) Regulatory (defense costs & penalties)
Risk Trends • Legal liability to others for computer security & privacy breaches • Regulatory changes & enforcement • Failure to safeguard data • Plaintiff actions • Correlation • Loss mitigation strategy • Credit monitoring • Card re-issuance liability • Vendors, service providers & partners errors
Overview of the Current State of the Market: Security & Privacy Insurance Insurance Marketplace Drivers • Regulatory activity (nearly as much as actual losses) has driven demand for this coverage, especially for privacy liability with its pre-claim covers for regulatory defense and indemnification for compliance with privacy breach notice statutes. • 45 States have now enacted their own versions of a privacy breach notification law, creating a patchwork quilt of legislation affecting any commercial entity that collects or stores personally identifiable information. • Recent multimillion dollar losses in key industry sectors—notably retail, financial institutions, health care, and higher education—have caused insurers to either target them as a class or decline them outright.
Breach Example January 18, 2010 National Corp Reveals Potential Breach of 1.2 Million Accounts National Corp., a financial services company based in Radnor, PA disclosed a security vulnerability that may have leaked personal data of 1.2 million customers. The company revealed the possible data breach in a letter to the attorney general of New Hampshire on January 4. Lawyers for the firm say the breach of the portfolio information systems had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. While the letter did not disclose how the breach happened, it says the unidentified source sent FINRA a username and password that could access the portfolio system. This username and password had apparently been shared among employees of the company and vendors.
Example A financial services provider loses a data tape containing unencrypted customer account data (not credit cards). A class action lawsuit follows resulting in the following costs: • Technical Forensics $900,000 • ID Theft Forensics $2,900,000 • Mailing Costs $2,200,000 (includes secondary notification to “class”) • Call Center $75,000 (most handled in-house) • Credit Monitoring $2,500,000 • Additional Loss Mitigation $2,500,000 • Outside Attorney Expenses $1,100,000 • Additional Settlement Costs $5,000,000 (including plaintiffs fees) • Total – $16,175,000 Average security breach in 2009 = $6.75M
Actual Paid Claims • Wrongful disclosure of information by employee of credit union who sold information to outsiders: Amount paid by insurer for liability claim and first party loss: $1.8 million • Third party computer hacker stole credit card information: Amount paid by insurer for liability claim: $5 million (note that this was the primary policy limit—claim eroded excess limits as well) • Third party computer hacker stole passwords by electronic means and used those passwords to gain access to personal information: Amount paid by insurer for liability claim (class action): $8 million plus • Employee sold customer data to others: Amount paid by insurer for liability claim: $9.1 million • Employee stole and sold information to identity theft ring: Amount paid by insurer for notice and liability claim: $2.6 million • Unauthorized access to database resulting from stolen passwords: $4.5 million • Insured's employees released proprietary information of the claimant to third parties: $715 thousand Source: AIG Marsh
Data Breach Event Modeling Based upon number of records compromised * May be subject to a Privacy Event Cost Sublimit Assumptions: • Notification costs - $4 per record • Call center costs - $5 per call (20 percent expected participation) • Credit monitoring - $50 per record (20 percent expected participation) • ID theft repair - $500 per record (1 percent of those monitored experience identity theft) • Card re-issuance - $6 per record (potential liability to issuers, i.e., banks) • Fraud liability - $1,000 per record (range is $500 per record to $6,400 average fraud charges - 5 percent experience fraud) Marsh
Thank you! • Questions – Further Discussion David G. Wilkins, CIC Managing Director Marsh 15 West South Temple Suite 700 Salt Lake City Utah, 84101 801-533-3650 Email: david.wilkins@marsh.com