
Understanding New York’s New Insurance Disclosure Requirements

If your organization operates or could be sued in New York, there has been recent activity on the legal and regulatory risk landscape that risk professionals should be prepared for.

New York’s newly enacted Comprehensive Insurance Disclosure Requirements legislation opens the door for defendants to request that organizations disclose the details of their commercial insurance programs that may apply to a judgment in the case. These details include policy limits and potentially even access to your claims adjusters. For those with more complex risk financing structures, the law may also lead to the misinterpretation of the organization’s coverages.

For the greatest success in complying with this new regulation, risk professionals must become their legal department’s greatest ally, stepping in to lend their expertise to prevent potential confusion and errors. Risk professionals can be integral in keeping sensitive information confidential, monitoring all disclosure requests and alerting their teams to any discrepancies in the interpretation of the shared information.

Additionally, risk professionals should proactively identify the relevant policies for counsel, mindful that the policy or program must potentially respond to the plaintiff’s claim.

What are the New York Disclosure Law’s requirements and how do they impact your insurance program?

The New York law requires that an insured defendant disclose information about any insurance policies sold or delivered in New York that could be applicable to a plaintiff’s claim. This requires careful assessment to ensure compliance while avoiding potentially unnecessary insurance disclosures.

Depending on the claimed amount and a program’s retention levels, disclosures likely include primary insurance policies and may include excess and umbrella policies as well. 

The disclosure requirements extend to various risk financing structures, including captives, self-insurance programs, risk retention groups and surplus lines insurers. Many claims may not reach the retentions, arguably rendering the insurance policies nonresponsive to the claim.

Other than in personal injury protection cases, the New York law requires that insured defendants provide proof of insurance to other parties within 90 days after answering the complaint. This could lead to the disclosure of incorrect insurance information. To address that risk, risk professionals can instruct counsel to obtain the proper COI for a particular claim and advise that they may need to fine-tune their COI process with outside vendors or brokers.

In the cases where arguments are made that COIs are not sufficient proof of insurance, insureds should be prepared to disclose redacted portions of their declaration pages. 

The New York law also requires insured defendants to identify the claims adjuster assigned to the claim, including a potentially surprising level of detail such as the adjuster’s direct email address. It is critical to keep claims adjusters informed, and risk professionals should alert their adjusters before this disclosure is made. Immediately report to counsel any plaintiff communications to the adjuster.

What steps can risk managers take to ensure compliance?

If possible, a risk professional or an attorney familiar with insurance coverage should assume responsibility for an organization’s compliance with these disclosure requirements in all New York cases. This will be instrumental in ensuring responses are uniform and avoiding disclosure errors. 

Creating a checklist, as well as a readily accessible library of COIs, redacted declarations pages, and other pertinent information can help keep the organization compliant with New York’s law. Although there might be differing disclosure requirements, organizations with larger footprints should consider extending this structure across other states as well.

By taking these steps, risk professionals can minimize insurance disclosure disputes, assist with their organization’s compliance efforts, and avoid unnecessary interference with an organization’s insurance program.

4 Steps to Help Organizations Embrace Risk from Emerging Technology

As companies continue to navigate the changing work environment brought on by the pandemic, it has become clear that business leaders will need to get comfortable revising and adapting their strategies to deal with disruption brought on by new technologies and new regulation. For us as risk management professionals, these rapid changes have made our job more important than ever to our organizations. Yet the majority of our organizations—particularly in C-suites—remain far from giving risk management experts the seat at the table they need to effectively safeguard against enterprise threats, digital or otherwise.

Data from PwC’s Global Risk Survey 2022 shows that executives are starting to recognize these risks: 79% of executives report that they view the breakneck speed of digital transformation as a significant risk management challenge. Moreover, this renewed focus is translating into increased funding, as 65% of organizations are increasing their spending on risk management technology and 56% said they planned to invest in risk culture and behavioral risk in 2022.

Unfortunately, the survey also found that too many organizations are treating the risk function as an add-on or incorporating risk leaders into strategic conversations too late. Only 39% of business leaders reported adding risk professionals to decision-making processes early, which should be an essential step for executives seeking to minimize risk from the outset. On a broader scale, executives seemed to lack confidence in risk managers, with only 47% of respondents saying they feel “very confident” in their risk function’s ability to build a more risk-aware culture, a key element of any successful risk-focused company.

Particularly as companies invest in emerging technologies, business leaders need to listen more to their risk and compliance functions and integrate them into conversations about how those technologies will be implemented. Artificial intelligence is a great example: when companies rush to implement systems to accelerate efficiency and analyze trends, they risk creating disproportionate bias and violating personal privacy through data sourcing. Risk professionals need to be at the table from beginning to end to make sure that an evolving regulatory environment and other pitfalls are fully accounted for in the organization’s implementation process.

While investment in risk management technology is helpful, it is insufficient without making structural changes to the organization to prioritize the risk function company-wide. Particularly as companies consider adopting emerging technologies, the following steps should be considered not just by risk management professionals, but across the C-suite:

  1. Identify, categorize, and prioritize technology risks across the company. This should be done on a regular basis by a dedicated risk management team, married with the best tools available, with findings routinely reported back to senior leaders. Companies are on the right track here: 65% plan to increase their technology spend this year across data analytics and process automation to support detection and monitoring of risks. This initial step will lay the framework for the establishment of cyber threat intelligence, systems monitoring, and incident response protocols.
  2. Adapt IT governance to the emerging technologies being adopted. Risk professionals should work with IT teams and company leadership to create governance structures that integrate seamlessly with corporate strategy, allowing for alignment of day-to-day operations, effective decision-making, a framework for best practices, and promotion of investments that enhance business objectives.
  3. Update leadership often on the emerging tech regulatory landscape. Whether across data privacy rules, cyber reporting requirements, or other complex technology challenges, a robust compliance program should keep leaders across the company updated as new technologies are implemented. Otherwise, companies risk run-ins with legal authorities and the erosion of trust from their clients and customers.
  4. Set expectations with leadership that not all risks are one and the same. Understanding the context around each piece of technology will become imperative to understanding its specific risks and the appropriate response strategy, including the maturity and complexity of the business processes to determine true risk to the company. Inherent in this case-by-case evaluation is an understanding of the company’s risk appetite and criteria for acceptable level of risk.

When adopted purposefully, emerging technologies can make companies more efficient, more profitable, and better stewards for their employees, clients and communities. Risk is often unavoidable for early adopters of emerging technologies, but it can be mitigated if C-suites equip their risk functions with a holistic strategy and a voice in key business decisions. As C-suites and organizations seek to adapt to a changing world, their success will hinge on the extent to which risk management is incorporated into their strategies.

3 Things Every Organization Should Do to Protect Against Cybercriminals

Cybersecurity should be a top priority for organizations today, especially as employees continue to work remotely without business-grade protections. In the age of COVID-19, businesses are more vulnerable than ever. Whether it is phishing scams or malware, hackers are constantly finding new ways to attack businesses. In fact, in March 2020 alone, scams increased by 400%, and have continued to increase since then.

It is vital that employers protect their organizations and employees from cyberattacks, especially now. As new scams develop, businesses must create new ways to stave off hackers. Many steps can be taken to implement—and enforce—security measures as part of daily procedures for employees. By focusing on just three strategies, organizations can help better protect themselves from phishing scams and other cyberattacks.

1. Create a Comprehensive Plan

As organizations transitioned to remote work, employers had to make foundational shifts to adapt. The same is true for security threats. Cybersecurity measures need to become part of everyday routines and tasks. This means creating a plan to protect all assets and boost security in business processes.

Each organization’s security strategy also needs to align with its specific business risks. Performing risk assessments will allow employers to determine where they need to invest in cybersecurity. It is important to identify key digital assets within networks and personal devices so that employers can determine how to best protect them.

Once an organization’s risks are assessed, it can create a plan to suit these needs. For example, a cybersecurity strategy may include secure remote access or virtual private networks (VPNs), especially for virtual workers, to protect devices from threats posed by public internet connections. Other strategies include implementing multi-factor authentication, assigning access permissions to employees and maintaining regular backups.

2. Prioritize Investments in Cybersecurity

Protecting an organization requires the proper tools. A trustworthy security framework is a vital aspect of managing risks. For many remote or hybrid workplaces, areas like cloud and/or software as a service (SaaS) security are top of mind. To manage and protect these environments, organizations should shift to software-defined networking (SDN) with secure access and/or secure service edge capabilities.

Firewalls are also an important aspect of security, as they place a barrier between trusted internal networks and the outside world. Maintaining end-to-end security has become even more difficult in the age of remote work.

Investing in threat-monitoring and endpoint protection tools can also help. While there is no silver bullet to combat the myriad threats, layering cybersecurity methods helps create “defense in depth,” better positioning the organization to face whatever specific cyberrisks may be exploited next.

3. Take the Time to Train Employees

Strategy and security are futile without proper training. Organizations must commit to continuously training employees so that they are not only aware of what cyberattacks to watch for, but what to do if they notice something. This means ensuring that employees are comfortable reporting scams. By starting training during onboarding and conducting it regularly as scams evolve or emerge, workers can shift from liabilities to assets.

Cybersecurity training ranges from phishing testing to password and device management. Employers must teach workers to update their systems, be cautious with external devices like flash drives, and practice physical device security.

Reaction is just as important as prevention. Organizations should have a plan for employees if they fall victim to a scam or notice something unusual so IT or information security professionals can solve the issue as quickly as possible and mitigate the damage.

Ignoring cybersecurity is a huge risk, as cyberattacks can have serious consequences for businesses and their customers, suppliers and partners alike. It is critical to develop a strong cybersecurity strategy and invest in resources and training. Security is continuing to increase in importance as remote work remains and threats rise. By understanding the issues, challenges and potential threats of a cyberattack, organizations can determine what steps and precautions can be taken to decrease the likelihood of a cyberattack in the future.

7 Tips to Mitigate the Risks of Summer Staff Parties

With millions of employees continuing to work remotely part- or full-time, 2022 summer office outings may represent one of the first “all hands” get-togethers for many employers since the COVID-19 pandemic began. Indeed, 37% of respondents to spot surveys conducted by Seyfarth at Work reported that there had not been a need, opportunity and/or COVID-safe venue for everyone to be in the same space at the same time since 2019.

Two years is a long wait, and based on anecdotal reporting in the wake of June and early July events, some employees are perhaps a bit overexcited at the prospect of finally hanging out together.

Some summer outing horror stories that resulted in complaints and charges include:

• An East Coast video game development company’s festivities included ice-breaker activities of beer pong and “spin the vodka bottle,” with managers nudging uncomfortable staff to join in.
Result: two employees contacted a local enforcement agency looking to file a harassment charge.

• A West Coast tech startup’s party featured an impromptu game of “pin the tail on the interns,” involving strips of paper “tails” and tape.
Result: two interns left the organization and several employees threatened suit.

• A Midwest pack-and-ship firm had insult rap battles that devolved into comments about aging and weight gain.
Result: a spate of internal complaints from employees, and even from a caterer who was setting up food on-site and overheard the derisive and potentially discriminatory lyrics.

Actionable Risk Management Take-Aways for Bosses:

A number of pre-event precautions can help reduce the risk of your summer outing going sideways:

Scare your managers—just a little. Schedule pre-event “Respect Huddles” where you can remind those in supervisory roles that they all have potential professional and/or legal responsibility if things go wrong. Deputize them, so to speak, to watch out for risky conduct as the festivities unfold. Share simple scripts and responses your managers can use to “nudge” attendees back to a zone of respect.

Set limits for everyone on things like alcohol, how long/late the event runs, and an agenda of (appropriately) fun activities. Historically, drinking can be a gateway activity to all sorts of sordid interactions. To manage the risk, some organizations have found it very helpful to “ticket the tequilas,” meaning they provide the event food, but limit the alcohol, such as by using a drink ticket system.
A strict event agenda helps prevent attendees from straying into murky territory with creative comments and conduct. Any planned games should focus on friendly collaboration, not physical contact. Assign a trusted internal party planner to carefully manage your party or outing agenda.

Strongly encourage staff to bring significant others and kids, if interested. Having lots of little tykes in attendance tends to reduce all sorts of adult excesses and judgement errors. However, also be open to employee opt-outs. Stress the fact that no one is expected to attend—it is just as important as making sure everyone feels welcome.

Send a pre-event conduct memo to every employee at least once, and maybe even twice. Revisit your office respect rules, as they extend to and apply in the great outdoors as well, at least when your organization is sponsoring.

Tips for Everyone

For employees at any level, we recommend not thinking of the outing as party time, but rather as a professional event that just happens to be moving outside. These tips can help any attendee enjoy the gathering while avoiding risky situations:

Set lower expectations for yourself on how “off-the-hook” the whole outing will be, which can help ensure that you’re not disappointed and are better able to maintain decorum.

Stay away from casual banter that is ribald, risqué or involves sharing too much information.

Social distance, for both COVID and conduct reasons.