Tag Archives: D&O

Immediate Vault Immediate Access

Risk Landscape: Coverage Trends to Watch

Posted on by

Being aware of your company’s new and changing risks is critical for sound risk management. As the year progresses, we have identified growing risks facing
companies, and their directors and officers, that are likely to impact policyholders. These risks include cybersecurity, Telephone Consumer Protection Act (TCPA) lawsuits, drones, wage and hour lawsuits and food recalls. The risks and issues to watch out for are expanded below:

Cybersecurity

Cyberattacks against businesses doubled in 2015 and are expected to continue to increase as attackers become even more sophisticated. Watch out for:

Phishing scams and social engineering fraud. In social engineering scams, hackers utilize phishing, purporting to be legitimate employees or third parties try to trick businesses into wiring funds or allow access to their systems. Although many businesses have crime insurance that covers “computer systems fraud,” ambiguous provisions or liability limits may restrict coverage. SomCompliancee courts have held that fraud coverage applies only when intrusions are unauthorized, but not when an unwitting employee falls prey to an online scam.

Data breaches. Companies should also be conscious about their coverage for data breaches, which increasingly present significant exposures. Insurers often contest whether data breaches constitute “publication” of private information, and, if so, whether an insurer’s duty to defend applies. This is particularly important as the storage of consumer data is a lynchpin of many businesses’ operations and marketing.
Businesses need to ensure that their commercial insurance policies adequately cover their business risks and consider purchasing dedicated cyber policies.

Coverage for TCPA claims

Certain efforts to engage with consumers may come at a steep cost. Under the Telephone Consumer Protection Act (TCPA), businesses that send unsolicited faxes, voice calls or text messages to consumers may be held liable for at least $500 per violation.

General liability coverage of TCPA claims. In recent years, commercial general liability (CGL) insurers have increasingly added broad exclusions to their policies for TCPA claims. Moreover, courts are split on whether “right to privacy” coverage in CGL policies cover these claims. Some courts uphold coverage only for losses from incidents that divulge confidential information (secrecy-related claims), whereas others uphold coverage for unsolicited communications, even if they do not republish confidential information.
While such coverage may be restricted under CGL policies, policyholders may have coverage under their directors’ and officers’ (D&O) insurance.

LA Lakers test case for D&O coverage. In 2016, the Ninth Circuit will likely address this issue in an appeal by the Los Angeles Lakers. The franchise’s marketing campaign included sending unsolicited text messages to fans. When sued under the TCPA, the franchise sought coverage for its defense costs under its D&O policy. In April 2015, a California federal court rejected coverage, finding that the policy’s “invasion of privacy” exclusion precluded coverage.
As businesses seek to engage consumers directly through various media, they should consider whether their insurance protects against TCPA claims.

UAVs and Insurance in 2016

Unmanned aerial vehicles (UAVs), or drones, promise to revolutionize not just commerce but insurance as well. The United States Federal Aviation Administration (FAA) estimates that, by 2023, annual global spending on UAVs will total $11.5 billion, and by 2020, about 30,000 commercial and civil drones will dot the skies.

Drone property loss and liability. The rise of drones raises several risks. The most obvious of these risks are loss of property and third-party liability. Use of drones for package or cargo delivery raises the risk of damage to the UAV itself—or its payload, which is usually the bigger loss. As shown by recent news reports and the first lawsuit, Boggs v. Merideth (W.D. Ky.), operators face liability for costs of defense and settlements or judgments payable to third-party claimants when UAVs go astray. With drones’ ability to film and collect data, other risks include privacy-related claims and data breach and hacking.

New coverage provisions. In June 2015, the Insurance Services Office, Inc. (ISO), approved new coverage provisions addressing commercial use of drones. The new ISO provisions modify standard CGL and umbrella/excess liability policy forms and merit close consideration by policyholders.
Because these new provisions are untested, policyholders should review them carefully against their entire insurance program and consult with insurance advisors to ensure that new provisions or policies provide the protection needed. Companies using UAVs should consider the aviation insurance market and also assess the need for cyber insurance coverage for privacy and data-breach exposures.

Wage-and-Hour Lawsuits

Cases alleging violations of the Fair Labor Standards Act (FLSA) have shot up in recent years. In 2015, almost 9,000 FLSA cases were filed in federal court, up more than 10% from 2014, and 30% from 2011. State courts have also experienced high volumes of wage-and-hour cases. California and New York recently enacted laws that allow directors, officers, and in New York, “top 10 shareholders” to be held personally liable for wage-and-hour violations.
Traditionally, companies have looked to their employment practices liability (EPL) and D&O insurance to protect against the defense and liability costs in wage-and-hour lawsuits. However, EPL insurance policies today regularly exclude coverage for such claims. Unlike EPL policies, D&O policies do not routinely exclude such coverage, but are including such exclusions with increasing frequency. As a result, policyholders must review D&O policies carefully to ensure that they protect against the threats posed by such claims.
Brokers and insurers have been developing new insurance products that specifically address these increasing wage-and-hour exposures. Policyholders, particularly those with significant operations in California and New York, should consider these newly emerging wage-and-hour specialty policies to ensure that they are adequately protected.

Food Contamination and Recall Coverage

The number of food product recalls for alleged contamination, undisclosed ingredients and other mislabeling issues also has risen dramatically. Although CGL and business property insurance policies provide some protection against liability for food contamination and recalls, savvy food companies should also consider specialized recall and contamination coverage.
These specialized policies may cover the reasonable costs that a policyholder incurs, for example, to examine its products for contamination, announce and institute a product recall, safely destroy contaminated products, and reimburse distributors and retailers for down-stream recall costs. Such policies often include crisis management coverage to help the policyholder mitigate negative media reports.

Varying types of special coverage. Because recall and contamination policies are not standardized, individual insurers offer differing policy terms and levels of coverage. Companies contemplating the addition of such coverage, or pursuing coverage under an existing policy, should closely examine the policy to understand the scope and limitations of coverage.

Items to watch. When purchasing such coverage, food companies need to identify their primary risks and negotiate the broadest possible coverage. In addition, because such policies often include very strict notice requirements, policyholders should give notice as soon as a recall arises to avoid coverage denial on late notice grounds.

Christina Buschmann, Linda Powell and Adrian Torres, Perkins Coie Insurance Recovery attorneys, also contributed to this article.

Corporate Directors and Officers Face Cybersecurity Pressure

Posted on by

Stock market down

One of the primary issues confronting corporate directors, officers and others involved in risk management today is cybersecurity. News cycles have been littered with high-profile data breaches at companies ranging from Sony Pictures Entertainment, Wyndham Hotels, Anthem and Home Depot, since Target Corporation’s massive data breach kicked off this scrutiny in 2013. The massive federal data breach earlier this year demonstrated that the U.S. government is not immune either.

A corporate data breach not only inflicts reputational and financial pain on the targeted company, but, depending on the data disclosed, the impact on consumers can be dramatic. According to Redspin’s Breach Report 2013, since 2009, nearly 30 million Americans have had their personal health information accidentally disclosed—or worse, breached. Further, the Cyber Edge Group recently surveyed 800 security decision makers and practitioners and found that more than 70% indicated that their networks were breached in 2014, an increase of 8% from 2013.

Claims against Directors

Cybersecurity is an issue of risk assessment that should be on the mind of board members. As every director has likely experienced, corporate decision-makers are under more scrutiny today than ever before because of corporate scandals that led to the adoption of the Sarbanes-Oxley Act and the more recent Dodd-Frank Act. One of the main objectives of Dodd-Frank is to increase transparency and improve accountability in the corporate financial world. As a result, board members are now required to spend more time overseeing a company’s operations than perhaps was the case in prior years.

A key determinant of liability is how a director acts once a red flag has been identified. When a warning sign appears, a director is required by law to diligently undertake a reasonable investigation.

online pharmacy apixaban with best prices today in the USA

But an open issue at hand is how much training companies provide to their directors so that they can identify potential issues and respond accordingly, or actively oversee the corporate compliance program. In light of many recent cases, the answer is: not enough. One proactive approach is for a corporate board to annually review all of the material events that impacted their company over the past year (both externally and internally) and assess how prepared the management team was for each event. They should also assess the company’s overall approach to cybersecurity policies and practices annually, including any incident response plans.

All this said, if history is our guide, the likelihood of a corporate board member being held personally liable for poor oversight of a public company is low. This is because directors and officers insurance almost always covers any liability or settlement. According to a 2006 Stanford Law Review study, between 1980 and 2005, there were only 12 cases where directors were forced to make payments that were not covered by insurance, including legal fees.

While data breaches have spawned litigation brought by consumers or employees, widespread litigation has not ensued with shareholders seeking damages as a result of a data breach. This is likely because of the challenges inherent in demonstrating that a company’s share price was materially affected by a breach.

online pharmacy minocin with best prices today in the USA

The data breach at Home Depot provides a good example of potential litigation strategies that may be employed in the future. Following that breach, a lawsuit was filed in Delaware Chancery Court seeking access to Home Depot’s books and records related to the data breach. It appears that the plaintiffs are using this suit to determine whether Home Depot’s directors and officers breached their fiduciary duties by failing to adequately protect the company’s credit card information. Based on what is uncovered, it is likely that future litigation will ensue.

The law regarding director’s liability is fairly well established, and claims typically arise in one of two scenarios: 1) The directors should be liable because they made a decision or took an action that was either negligent or ill-advised (they breached their duty of care); or 2) The directors failed to act in a situation where they could have prevented a loss (they breached their duty of loyalty).

Claims alleging a breach of the duty of care are unlikely to succeed because directors enjoy the protections of the director-friendly business judgment rule. Essentially, the business judgment rule immunizes a director’s conduct from judicial scrutiny as long as the decision is informed, made in good faith, and with the genuine belief that the decision was made in the company’s best interest. Even if a plaintiff can overcome the presumptions in favor of a director by showing gross negligence, many companies have adopted charter or bylaw provisions consistent with Delaware law, thereby insulating directors from liability for a breach of their duty of care. Other states such as Nevada have enacted statutes specifically protecting directors from these types of claims.

In the second scenario, a director is not insulated from liability under Delaware law, and a director’s conduct is evaluated under the standards enunciated in Caremark International Inc. Derivative Litigation and its progeny. This oversight liability attaches when directors consciously disregard their responsibilities either by: 1) failing to implement a sufficient reporting system; or 2) after implementing a reporting system, failing to properly oversee or monitor its operations by serving as passive recipients of information. Simply put, making no decision – or looking the other way – may indeed be worse than making any decision, even a bad one.

Many risks can be mitigated through the use of insurance policies. But with respect to cybersecurity, relying on insurance may prove problematic. With no form of standardized cyber insurance policy language established, different insurers are adopting different approaches. Moreover, an actuarial challenge exists in predicting or gauging the probability and impact of a cyberattack. As a result, it remains difficult to match a cybersecurity policy with the risk profile of a particular company. Also, the damages suffered from a data breach may be multifaceted and unique, with no normal distribution of outcomes. In sum, insurance may be a partial answer, but not necessarily a cost-effective complete solution.

Rise of the Corporate Investigation

Over the past several years, a cottage industry has emerged among lawyers who claim to specialize in corporate investigations. These investigations used to be the purview of a company’s general counsel or legal staff. But courts became less likely to apply the business judgment rule if an investigation was conducted in-house. This reluctance has spawned the exponential growth of corporate investigations, and more or less established that the standard of care is to retain outside counsel. Even though the costs of these investigations can be prohibitive, there appears to be no consensus on a different tactic.

In the face of a government enforcement action, regardless of which regulatory authority is involved, a director’s playbook is pretty straightforward. Directors should establish a committee to exercise day-to-day supervision of an internal investigation and monitor the progress in order to best ensure the company’s protection. One way for directors to limit their exposure—and perhaps cut down on corporate misconduct—is to provide the same oversight on an ongoing, day-to-day basis. This can decrease the number of required corporate investigations and the identification and remediation of issues before they become significant liabilities. Viewed through the eyes of a director, such an approach could lessen the likelihood of future liability.

P&C Market Continues Downward Rate Trend

Posted on by

Property/casualty insurance buyers are continuing to see flat rates, as all lines of coverage averaged a zero percent rate change, MarketScout reported today.

“The market continues to be trending downward over the last eight months, from October 2014 at plus 1.5% to April 2015 at a zero percent increase,” Richard Kerr, CEO of MarketScout said in a statement. “It’s not dramatic but it is a trend. Coastal property may experience some slight rate increases since we are on the cusp of the wind season. Rates on all other exposures should continue to be quite competitive.”

When measuring rates by coverage classification, automobile coverage was up to plus 2%. Rates for all other coverages remained the same. Business owners policies (BOP), professional liability and D&O coverages decreased in April 2015 by 1% compared to March 2015, according to MarketScout, an insurance distribution and underwriting company.

By account size, rates remained the same for all, except jumbo accounts of more than $1,000,000 premium. These accounts adjusted to a reduction of minus 2% in April 2015, compared with rates in March 2015.

Industry classifications were all reported at a zero rate increase in April 2015 with the exception of transportation, which held steady at a rate increase of plus 1% and habitation, which increased from 0% in March to plus 1% in April, MarketScount said.

Summary of April 2015 rates by coverage, account size and industry class:

 

P&C Rates in U.S. Rise 1% in February

Posted on by

The composite rate in the U.S. in 2015 for all property and casualty lines was up 1% in February, compared to flat in January 2015, MarketScout said today.

Pricing measurements by coverage showed no further price deterioration in any line and an increase of 1% in auto, professional liability and EPLI, from plus 1% to plus 2%. By account size, large accounts ($250,001 to $1,000,000 premium) increased from flat to plus 1%, while all other account sizes remained the same as in January, according to MarketScout.

“Could this mean underwriting executives are actually walking away from underpriced business?” asked Richard Kerr, MarketScout CEO.

“February is normally a low volume premium month so we would caution about putting too much credibility in these metrics; however, historically once the insurance market starts softening it normally accelerates rather than moderates or turns around,” he said in a statement. “We speculate insurers are not going to cut deep and long in this cycle. Big data, modeling software and improved underwriting acumen are resulting in insurers simply being too smart to fall for extended and deep price cuts.”

When measuring by industry classification, contracting, habitational, public entity and transportation all increased by 1% in February compared to January.

Summary of the February 2015 rates by coverage, industry class and account size:

By Coverage

Commercial Property         Up 1%

Business Interruption       Up 0%

BOP                                  Up 1%

Inland Marine                   Up 0%

General Liability                Up 1%

Umbrella/Excess               Up 1%

Commercial Auto              Up 2%

Workers Compensation     Up 0%

Professional Liability          Up 2%

D&O Liability                    Up 1%
EPLI                                Up 2%

Fiduciary                          Up 0%

Crime                               Up 0%

Surety                              Up 0%