Risk Management 101: Changing World / Changing Exposures / Changing Insurance Needs
December 2010
Marsh 2
The Changing Face of the World and Risk Management
1970’s / 2010
$4 $82
Auto
General Liability
Property
Workers Comp
Directors & Officers
Terrorism
Products Liability
Environmental Risk
Technology
Pandemic
Identity Theft
Cyber Risk
Emergency Response Planning
Human Capital Risk
Employment Practices
Credit Risk
Political Risk
Intellectual Property
ERM
Risk Transfer Spectrum
Property Insurance Coverage and Services
Property Damage (PD)
– Building
– Builders Risk
– Contents
– Stock
– Property of Others
– Installment Sales
– Leased Equipment
– Underground Property
– Docks or Wharves
– Dams or Dikes
– Defense Costs
– Debris Removal
– Demolition Increase Cost of Construction
– Pollution
– Expediting Expenses
– Fire Extinguishing Expenses
– Exhibits
– Brands and Trademarks
– Pairs or Sets
– Loss Adjustment Expenses
– Earthquake
– Flood
– Boiler & Machinery
– Consequential Loss
– Transit
– Parcel Post
– EDP Equipment and Media
– Valuable Papers
– Accounts Receivable
– Newly Acquired Property
– Unnamed Locations
– Fine Arts
– Service Interruption - PD
– Vacant Building
– Control of Damaged Merchandise
– Transmissions and Distribution Lines
– Rolling Stock
– Tenants and Neighbors Liability
– Devaluation
– Coinsurance Deficiency
– Tax Liability
– Tax Treatment of Profits
– Computer Virus
– Property Off-site
– Mobile Equipment
Time Element (TE)
– Business Interruption (BI)
– Builders Risk BI
– Soft Costs
– Transit BI
– Ordinary Payroll
– Interdependency Worldwide
– Extended Period of Indemnity
– Extra Expense (EE)
– Research and Development
– Rental Value
– Building Laws
– Contingent BI Worldwide
– Leader BI
– Contingent EE Worldwide
– Leasehold Interest
– Royalties
– Impounded Water
– Civil or Military Authority
– Service Interruption - TE
– Ingress/Egress
Services
– Property Loss Control
– Business Continuity Planning
– Captive Management
– Asset Valuation Services
– Catastrophe Assessment
– Forensic Accounting
Casualty Insurance Coverage
• Automotive Liability
• General Liability
• Products Liability
• Umbrella Liability
• Excess Liability
• Workers Compensation
• Professional Liability (e.g. Medical Malpractice Liability, Accountants Errors and Omissions, Brokers Errors and Omissions)
• Environmental Liability
• Railroad Protective Liability
• Marine Liabilities
Financial (FINPRO) Products Coverage
Directors & Officers (D&O)
Employment Practices Liability (EPLI)
Fiduciary
Crime
Information Security / Cyber Risk
What Is D&O Insurance?
Definition: The policy protects the directors and officers and the corporation against financial loss caused by litigation brought against an Insured for an alleged Wrongful Act in their respective management capacity.
The policy will pay judgments, settlements and defense costs, subject to the deductible, terms and conditions of the policy.
Claimant Distribution For Public Companies
Source: 2010 NERA
Claimant Distribution for Private Companies
Source: 2010 NERA
[Pie chart. Categories: Employees; Shareholders; Customers/Clients/Consumer Groups; Other 3rd Parties; Competitors and Suppliers. Values shown: 49%, 16%, 16%, 13%, 6%]
Where are the D&O claims coming from?
A Marsh claims lawyer was involved in helping settle 25% of all securities class action claims in 2009.
Aggressive Regulatory Regime
• SEC Restructuring & Increased Funding
• SEC Increasingly aggressive, with more focus on individual accountability
• Expansion of SEC authority via Dodd-Frank
• Aggressive FCPA Enforcement
Rise in Derivative Claims
• Aggressive Plaintiffs Bar
• Increased scrutiny of SLCs
• Increase in judicial scrutiny of Non-Cash derivative settlements
• Plaintiff attorney fees issues
Typical D&O Claim Trigger Events
Restating financial results (Revenue Recognition and accounting for reserves and contingencies are the most common).
Earnings that fail to meet projections/expectations.
Announcement that a product doesn’t work, wasn’t approved, or won’t be ready as planned.
Disclosure of a regulatory investigation into a company’s conduct.
Internal investigation of questionable practices by a current or former officer.
Inadequate disclosure regarding mergers, acquisitions or divestitures. In a merger or acquisition there are two sets of potential shareholder plaintiffs.
Unfair Trade Practices/Antitrust Actions – Competitor claims; regulatory complaints.
Creditor Claims – alleging misrepresentation, inadequate or inaccurate disclosure in financial reporting.
Employment-related Claims – Especially for Not-For-Profit Corporations.
Overview of the D&O Policy
Indemnification
State laws typically provide a basis to allow a company to indemnify persons who are agents of the company if they are acting in good faith, in the interests of the company, and had no knowledge of the illegality of their actions.
– Indemnification may include directors, officers, or employees
Company bylaws typically outline the scope and procedures for indemnification:
– Standard for directors and officers, but may extend to employees.
– Review the bylaws to determine where you stand.
Why might a corporation be unable or not permitted to indemnify?
– Financial insolvency
– Derivative Claim: claim is brought on behalf of the corporation
– Interpretation of “Good Faith”
Key Coverage Issues
Severability of the Exclusions: “The knowledge of one Insured shall not be imputed to any other Insured for the purpose of determining the applicability of the exclusions…”; Preferable: full severability of coverage for all exclusions, not just the “personal conduct” exclusions.
Severability of the Application and Attachments: “No knowledge or information possessed by any Insured person shall be imputed to any other Insured person to determine whether coverage should be available.”
Non-Rescission Clauses: “In consideration of the premium charged, it is agreed that notwithstanding anything in this policy to the contrary, the insurer shall not be entitled under any circumstances to rescind this policy with respect to Insuring agreement A only.”
“Final Adjudication” versus “In fact” wording: Fraud and Personal Profit exclusion.
Order of Payments Wording: (A/K/A “Priority of Payments” Clause).
Definition of Claim: Informal and formal investigations; administrative, civil and regulatory proceedings; criminal proceedings; monetary and nonmonetary relief; written demands; target letters.
“Arising out of” vs. “For”: Lead-in wording to the Bodily Injury/Property Damage Exclusion; Pollution Exclusion.
“Failure to Maintain Insurance” Exclusion: delete.
Professional Services and Product Recall Exclusions: Obtain carve-out for shareholder claims.
Limit, Retentions and Premiums Snapshot: Publicly Traded Only
 | $350M | $600M | $950M
Retention | $500,000 | $600,000 | $750,000
Premium | $370,000 | $500,000 | $570,000
Limits | $35,000,000 | $40,000,000 | $55,000,000
Increased Use of Advanced Analytics
Frequency and Dismissal Rate Based on Varying Market Cap
% away from Current MC | Minus 40% | Minus 20% | Current MC | Plus 20% | Plus 40%
Freq Rate | 1.80% | 1.93% | 2.04% | 2.14% | 2.22%
Dismissal Rate | -15.16% | 20.58% | 37.52% | 45.83% | 54.06%
Statistical Probability of Securities Class Action = 2.04%
Peer Analysis, Share Data & Financial Relativities
[Chart comparing Company and Industry on: Debt to Equity; Price Earning Ratio; Short Interest / Shares Outstanding; Intangible Asset / Asset]
What is D&O insurance meant to protect against?
What is the right amount of D&O insurance coverage?
What tools should I be utilizing to assist in making a decision?
What is Employment Practices Liability?
Any liability from an actual or alleged “Employment Practices Violation” by an employee, applicant or third party.
Employment Practices Liability (EPL) includes, but is not limited to, allegations of:
– Discrimination
– Harassment (sexual or otherwise)
– Failure to provide equal opportunity of employment
– Wrongful termination
– Retaliation
– Failure to employ or promote
– Negligent evaluation
– Libel, slander, humiliation
– Infliction of emotional distress
– Wrongful failure to provide or enforce corporate policies
– Violation of an employee’s civil rights including:
    • Title VII of the Civil Rights Act
    • Americans with Disabilities Act (ADA)
    • Age Discrimination in Employment Act (ADEA)
    • Family and Medical Leave Act (FMLA)
    • Equal Pay Act (EPA)
Who is an Insured and What is a Claim?
The company and any employee including past, present, part time, seasonal, and temporary employees, volunteers, and applicants for employment are all insureds.
The definition of “claim” includes:
– A written demand for monetary damages or other redress
– An administrative proceeding
– A lawsuit
– A demand for arbitration or an alternative dispute resolution
– An allegation that the insured harassed or discriminated against a nonemployee of the insured
EPL policies are written on claims-made forms.
EPL Hot Topics
Focus on Dukes v. Wal-Mart: If the Supreme Court agrees to hear the case and affirms the class certification, it will change the standards for assessment of punitive damages in class actions. Punitive damages claim of $1B.
– Dukes class action claim began with a single EEOC charge. Remember to notice your EEOC claims!
Workplace bullying legislation is pending in many states now. Employers are encouraged to address that in their Employee Handbooks and EPLI policies.
Misclassification of Employees: US DOL “Misclassification Initiative” targets employers who misclassify their employees as independent contractors rather than employees and will impose sanctions and penalties against those employers. Also, potential exposure for civil and criminal violations of wage and hour related laws.
Continued Increase in Wage and Hour Related Claims: These continue to be excluded under EPLI policies
EEOC Charges:
– 2009: Second highest number of EEOC charges in history and recovered a record high $294M through administrative and enforcement actions
– Notable increases in claims asserting discrimination based on religion, national origin and disability;
– Reasons for Increases: economic conditions, greater access to the EEOC by public, increased awareness of rights by employees, increased diversity and shift in workforce
EEOC Areas of Focus in 2010 and beyond:
– Faster and efficient resolution of charges: More aggressive enforcement under the Obama administration, including increased budget
– Systemic Initiative: Continued aggressive litigation strategy employed by EEOC
– Employment Background Screening: Additional resources deployed on cases involving discriminatory use of credit reporting and other employment background check methodology in hiring, termination and other employment related decisions
– Caregiver Discrimination: EEOC has reported an increase in claims by individuals alleging that they have been denied certain conditions of employment because of their status as a caregiver.
– Pregnancy Discrimination Focus
EPL Claims Environment: EEOC Charge Statistics 2009
Total EEOC charges by fiscal year:
2002 | 84,442
2003 | 81,293
2004 | 79,432
2005 | 75,428
2006 | 75,768
2007 | 82,792
2008 | 95,402
2009 | 93,277
Charges by type of discrimination:
Race | 33,579
Sex/Gender | 28,028
Retaliation | 33,613
Disability | 21,451
Age | 22,778
National Origin | 11,134
Religion | 3,386
Equal Pay | 942
The number for total charges reflects the number of individual charge filings. Because individuals often file charges claiming multiple types of discrimination, the number of total charges for any given fiscal year will be less than the total of the eight types of discrimination listed.
What is Information Security Risk?
The failure to safeguard confidential information (in any format) or the failure of your network security that results in:
THIRD PARTY
Legal liability to others for computer security and privacy breaches
– Identity theft
– Loss Mitigation Damages
– Card Re-issuance
– Theft / Destruction of Information
– Virus Transmission
FIRST PARTY
Your costs
– Forensic Investigation
– Crisis Management
– Statutory Compliance
– Voluntary Loss Mitigation Services (credit monitoring, ID theft repair)
– Regulatory (defense costs & penalties)
Risk Trends
Legal liability to others for computer security & privacy breaches
– Regulatory changes & enforcement
Failure to safeguard data
Plaintiff actions
– Correlation
– Loss mitigation strategy
– Credit monitoring
Card re-issuance liability
Vendors, service providers & partners errors
Overview of the Current State of the Market: Security & Privacy Insurance
Insurance Marketplace Drivers
– Regulatory activity (nearly as much as actual losses) has driven demand for this coverage, especially for privacy liability with its pre-claim covers for regulatory defense and indemnification for compliance with privacy breach notice statutes.
– 45 States have now enacted their own versions of a privacy breach notification law, creating a patchwork quilt of legislation affecting any commercial entity that collects or stores personally identifiable information.
– Recent multimillion dollar losses in key industry sectors—notably retail, financial institutions, health care, and higher education—have caused insurers to either target them as a class or decline them outright.
Breach Example
January 18, 2010
National Corp Reveals Potential Breach of 1.2 Million Accounts
National Corp., a financial services company based in Radnor, PA disclosed a security vulnerability that may have leaked personal data of 1.2 million customers.
The company revealed the possible data breach in a letter to the attorney general of New Hampshire on January 4. Lawyers for the firm say the breach of the portfolio information systems had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. While the letter did not disclose how the breach happened, it says the unidentified source sent FINRA a username and password that could access the portfolio system. This username and password had apparently been shared among employees of the company and vendors.
Evolution and Insurability of a Data Breach
Item | Insurable?
1 Hire forensics investigator | Yes
2 Engage outside counsel to determine obligations | Yes
3 Engage public relations firm | Yes
3 Hire third party to assist with statutory notification (written notice, phone banks) | Yes
4 Offer credit monitoring and identity theft relief services as part of notice | Yes
5 Engage outside counsel for defense against lawsuit | Yes
5 Damages resulting from lawsuit(s) | Yes
6 Engage outside counsel resulting from regulatory investigation (FTC, State AG) | Yes
7 Fines and penalties resulting from regulatory investigation | TBD
Example
A financial services provider loses a data tape containing unencrypted customer account data (not credit cards). A class action lawsuit follows, resulting in the following costs:
– Technical Forensics $900,000
– ID Theft Forensics $2,900,000
– Mailing Costs $2,200,000 (includes secondary notification to “class”)
– Call Center $75,000 (most handled in-house)
– Credit Monitoring $2,500,000
– Additional Loss Mitigation $2,500,000
– Outside Attorney Expenses $1,100,000
– Additional Settlement Costs $5,000,000 (including plaintiffs fees)
Total – $16,175,000
Average security breach in 2009 = $6.75M
Actual Paid Claims
Wrongful disclosure of information by employee of credit union who sold information to outsiders:
– Amount paid by insurer for liability claim and first party loss: $1.8 million
Third party computer hacker stole credit card information:
– Amount paid by insurer for liability claim: $5 million
(note that this was the primary policy limit—claim eroded excess limits as well)
Third party computer hacker stole passwords by electronic means and used those passwords to gain access to personal information:
– Amount paid by insurer for liability claim (class action): $8 million plus
Employee sold customer data to others:
– Amount paid by insurer for liability claim: $9.1 million
Employee stole and sold information to identity theft ring:
– Amount paid by insurer for notice and liability claim: $2.6 million
Unauthorized access to database resulting from stolen passwords:
– $4.5 million
Insured's employees released proprietary information of the claimant to third parties:
– $715 thousand
Source: AIG
Data Breach Event Modeling
Based upon number of records compromised
Number of records compromised | 100,000 | 250,000 | 500,000 | 1,000,000
Privacy notification costs | $400,000 | $1,000,000 | $2,000,000 | $4,000,000
Call center costs | $100,000 | $250,000 | $500,000 | $1,000,000
Credit monitoring cost | $1,000,000 | $2,500,000 | $5,000,000 | $10,000,000
ID theft repair | $500,000 | $1,250,000 | $2,500,000 | $5,000,000
Total estimated first party costs* | $2,000,000 | $5,000,000 | $10,000,000 | $20,000,000
Account / card reissuance liability | $600,000 | $1,500,000 | $3,000,000 | $6,000,000
Fraud liability | $5,000,000 | $12,500,000 | $25,000,000 | $50,000,000
Total estimated third party liability | $5,600,000 | $14,000,000 | $28,000,000 | $56,000,000
Total estimated privacy event | $7,600,000 | $19,000,000 | $38,000,000 | $76,000,000
* May be subject to a Privacy Event Cost Sublimit
Assumptions:
– Notification costs - $4 per record
– Call center costs - $5 per call (20 percent expected participation)
– Credit monitoring - $50 per record (20 percent expected participation)
– ID theft repair - $500 per record (1 percent of those monitored experience identity theft)
– Card re-issuance - $6 per record (potential liability to issuers, i.e., banks)
– Fraud liability - $1,000 per record (range is $500 per record to $6,400 average fraud charges - 5 percent experience fraud)
Thank you!
Questions – Further Discussion
David G. Wilkins, CIC
Managing Director
Marsh
15 West South Temple Suite 700
Salt Lake City Utah, 84101
801-533-3650
Email: [email protected]