Transcript ismutah.org

December 2010
Risk Management 101:
Changing World / Changing Exposures /
Changing Insurance Needs
The Changing Face of the World
and Risk Management
1970’s
Marsh
2010
1970’s vs. 2010: $4 vs. $82
Risk areas shown (1970’s and 2010):
– Intellectual Property
– Property
– General Liability
– Emergency Response Planning
– Auto
– Workers Comp
– Environmental Risk
– Human Capital Risk
– Employment Practices
– Terrorism
– Technology
– Identity Theft
– Pandemic
– Directors & Officers
– Products Liability
– Cyber Risk
– Credit Risk
– Political Risk
– ERM
Risk Transfer Spectrum
Property Insurance Coverage and Services

Property Damage (PD)
– Building
– Builders Risk
– Contents
– Stock
– Property of Others
– Installment Sales
– Leased Equipment
– Underground Property
– Docks or Wharves
– Dams or Dikes
– Defense Costs
– Debris Removal
– Demolition
– Increased Cost of Construction
– Pollution
– Expediting Expenses
– Fire Extinguishing Expenses
– Exhibits
– Brands and Trademarks
– Pairs or Sets
– Loss Adjustment Expenses
– Earthquake
– Flood
– Boiler & Machinery
– Consequential Loss
– Transit
– Parcel Post
– EDP Equipment and Media
– Valuable Papers
– Accounts Receivable
– Newly Acquired Property
– Unnamed Locations
– Fine Arts
– Service Interruption - PD
– Vacant Building
– Control of Damaged Merchandise
– Transmissions and Distribution Lines
– Rolling Stock
– Tenants and Neighbors Liability
– Devaluation
– Coinsurance Deficiency
– Tax Liability
– Tax Treatment of Profits
– Computer Virus
– Property Off-site
– Mobile Equipment

Time Element (TE)
– Business Interruption (BI)
– Builders Risk BI
– Soft Costs
– Transit BI
– Ordinary Payroll
– Interdependency Worldwide
– Extended Period of Indemnity
– Extra Expense (EE)
– Research and Development
– Rental Value
– Building Laws
– Contingent BI Worldwide
– Leader BI
– Contingent EE Worldwide
– Leasehold Interest
– Royalties
– Impounded Water
– Civil or Military Authority
– Service Interruption - TE
– Ingress/Egress

Services
– Property Loss Control
– Business Continuity Planning
– Captive Management
– Asset Valuation Services
– Catastrophe Assessment
– Forensic Accounting
Casualty Insurance Coverage
• Automotive Liability
• General Liability
• Products Liability
• Umbrella Liability
• Excess Liability
• Workers Compensation
• Professional Liability (e.g. Medical Malpractice Liability, Accountants Errors and Omissions, Brokers Errors and Omissions)
• Environmental Liability
• Railroad Protective Liability
• Marine Liabilities
Financial (FINPRO) Products Coverage
Directors & Officers (D&O)

Employment Practices Liability (EPLI)

Fiduciary

Crime

Information Security / Cyber Risk
What Is D&O Insurance?
Definition
The policy protects the directors and officers and the corporation against
financial loss caused by litigation brought against an Insured for an alleged
Wrongful Act in their respective management capacity.

The policy will pay judgments, settlements and defense costs, subject to the
deductible, terms and conditions of the policy.
Claimant Distribution For Public Companies
Source: 2010 NERA
Claimant Distribution for Private Companies
Pie chart. Categories: Employees; Shareholders; Customers/Clients/Consumer Groups; Other 3rd Parties; Competitors and Suppliers. Values shown: 6%, 13%, 49%, 16%, 16%.
Source: 2010 NERA
Where are the D&O claims coming from?

Aggressive Regulatory Regime
• SEC restructuring & increased funding
• SEC increasingly aggressive, with more focus on individual accountability
• Expansion of SEC authority via Dodd-Frank
• Aggressive FCPA enforcement

Rise in Derivative Claims
• Aggressive plaintiffs' bar
• Increased scrutiny of SLCs
• Increase in judicial scrutiny of non-cash derivative settlements
• Plaintiff attorney fees issues

A Marsh claims lawyer was involved in helping settle 25% of all securities class action claims in 2009.
Typical D&O Claim Trigger Events

Restating financial results (Revenue Recognition and accounting for reserves and contingencies are the most common).

Earnings that fail to meet projections/expectations.

Disclosure of a regulatory investigation into a company’s conduct.

Internal investigation of questionable practices by a current or former officer.

Inadequate disclosure regarding mergers, acquisitions or divestitures. In a merger or acquisition there are two sets of potential shareholder plaintiffs.

Announcement that a product doesn’t work, wasn’t approved, or won’t be ready as planned.

Unfair Trade Practices/Antitrust Actions – Competitor claims; regulatory complaints.

Creditor Claims – alleging misrepresentation, inadequate or inaccurate disclosure in financial reporting.

Employment-related Claims – Especially for Not-For-Profit Corporations.
Overview of the D&O Policy
Indemnification

State laws typically provide a basis to allow a company to indemnify persons
who are agents of the company if they are acting in good faith, in the interests
of the company, and had no knowledge of the illegality of their actions.
– Indemnification may include directors, officers, or employees

Company bylaws typically outline the scope and procedures for
indemnification:
– Standard for directors and officers, but may extend to employees.
– Review the bylaws to determine where you stand.

Reasons a corporation could not or may not indemnify:
– Financial insolvency
– Derivative Claim: claim is brought on behalf of the corporation
– Interpretation of “Good Faith”
Key Coverage Issues

Severability of the Exclusions: “The knowledge of one Insured shall not be imputed to any other Insured for the purpose of determining the applicability of the exclusions…”; Preferable: full severability of coverage for all exclusions, not just the “personal conduct” exclusions.

Severability of the Application and Attachments: “No knowledge or information possessed by any Insured person shall be imputed to any other Insured person to determine whether coverage should be available.”

Non-Rescission Clauses: “In consideration of the premium charged, it is agreed that notwithstanding anything in this policy to the contrary, the insurer shall not be entitled under any circumstances to rescind this policy with respect to Insuring agreement A only.”

“Final Adjudication” versus “In fact” wording: Fraud and Personal Profit exclusion.

Order of Payments Wording: (A/K/A “Priority of Payments” Clause).
Key Coverage Issues

Definition of Claim: Informal and formal investigations; administrative, civil and regulatory proceedings; criminal proceedings; monetary and nonmonetary relief; written demands; target letters.

“Arising out of” vs. “For”: Lead-in wording to the Bodily Injury/Property Damage Exclusion; Pollution Exclusion.

“Failure to Maintain Insurance” Exclusion: delete.

Professional Services and Product Recall Exclusions: Obtain carve-out for shareholder claims.
Limit, Retentions and Premiums Snapshot
Publicly Traded Only

|           | $350M       | $600M       | $950M       |
|-----------|-------------|-------------|-------------|
| Limits    | $35,000,000 | $40,000,000 | $55,000,000 |
| Retention | $500,000    | $600,000    | $750,000    |
| Premium   | $370,000    | $500,000    | $570,000    |
Increased Use of Advanced Analytics

What is D&O insurance meant to protect against?

What is the right amount of D&O insurance coverage?

What tools should I be utilizing to assist in making a decision?

Statistical Probability of Securities Class Action = 2.04%

Frequency and Dismissal Rate Based on Varying Market Cap

| % away from Current MC | Minus 40% | Minus 20% | Current MC | Plus 20% | Plus 40% |
|------------------------|-----------|-----------|------------|----------|----------|
| Freq Rate              | 1.80%     | 1.93%     | 2.04%      | 2.14%    | 2.22%    |
| Dismissal Rate         | -15.16%   | 20.58%    | 37.52%     | 45.83%   | 54.06%   |

Peer Analysis, Share Data & Financial Relativities
Chart comparing Company and Industry on: Debt to Equity; Intangible Asset / Asset; Short Interest / Shares Outstanding; Price Earning Ratio.
What is Employment Practices Liability?


Any liability from an actual or alleged “Employment Practices Violation” by an employee, applicant or
third party.
Employment Practices Liability (EPL) includes, but is not limited to, allegations of:
– Discrimination
– Harassment (sexual or otherwise)
– Failure to provide equal opportunity of employment
– Wrongful termination
– Retaliation
– Failure to employ or promote
– Negligent evaluation
– Libel, slander, humiliation
– Infliction of emotional distress
– Wrongful failure to provide or enforce corporate policies
– Violation of an employee’s civil rights including:
    Title VII of the Civil Rights Act
    Americans with Disabilities Act (ADA)
    Age Discrimination in Employment Act (ADEA)
    Family and Medical Leave Act (FMLA)
    Equal Pay Act (EPA)
Who is an Insured and What is a Claim?



The company and any employee including past, present, part time, seasonal, and temporary
employees, volunteers, and applicants for employment are all insureds.
The definition of “claim” includes:
– A written demand for monetary damages or other redress
– An administrative proceeding
– A lawsuit
– A demand for arbitration or an alternative dispute resolution
– An allegation that the insured harassed or discriminated against a nonemployee of the insured
EPL policies are written on claims-made forms.
EPL Hot Topics

Focus on Dukes v. Wal-Mart: If the Supreme Court agrees to hear the case and affirms the class certification, it will change the standards for assessment of punitive damages in class actions. Punitive damages claim of $1B.
– The Dukes class action claim began with a single EEOC charge. Remember to notice your EEOC claims!

Workplace bullying legislation is pending in many states now. Employers are encouraged to address that in their Employee Handbooks and EPLI policies.

Misclassification of Employees: US DOL “Misclassification Initiative” targets employers who misclassify their employees as independent contractors rather than employees and will impose sanctions and penalties against those employers. Also, potential exposure for civil and criminal violations of wage and hour related laws.

Continued Increase in Wage and Hour Related Claims: These continue to be excluded under EPLI policies.

EEOC Charges:
– 2009: Second highest number of EEOC charges in history and recovered a record high $294M through administrative and enforcement actions
– Notable increases in claims asserting discrimination based on religion, national origin and disability
– Reasons for increases: economic conditions, greater access to the EEOC by public, increased awareness of rights by employees, increased diversity and shift in workforce
EPL Hot Topics

EEOC Areas of Focus in 2010 and beyond:
– Faster and efficient resolution of charges: More aggressive enforcement
under the Obama administration, including increased budget
– Systemic Initiative: Continued aggressive litigation strategy employed by
EEOC
– Employment Background Screening: Additional resources deployed on
cases involving discriminatory use of credit reporting and other
employment background check methodology in hiring, termination and
other employment related decisions
– Caregiver Discrimination: EEOC has reported an increase in claims by
individuals alleging that they have been denied certain conditions of
employment because of their status as a caregiver.
– Pregnancy Discrimination Focus
EPL Claims Environment
EEOC Charge Statistics 2009

| Year | Total charges |
|------|---------------|
| 2002 | 84,442        |
| 2003 | 81,293        |
| 2004 | 79,432        |
| 2005 | 75,428        |
| 2006 | 75,768        |
| 2007 | 82,792        |
| 2008 | 95,402        |
| 2009 | 93,277        |

| Type of discrimination | 2009 charges |
|------------------------|--------------|
| Race                   | 33,579       |
| Sex/Gender             | 28,028       |
| National Origin        | 11,134       |
| Religion               | 3,386        |
| Retaliation            | 33,613       |
| Age                    | 22,778       |
| Disability             | 21,451       |
| Equal Pay              | 942          |

The number for total charges reflects the number of individual charge filings. Because individuals often file charges claiming multiple types of discrimination, the number of total charges for any given fiscal year will be less than the total of the eight types of discrimination listed.
What is Information Security Risk?
The failure to safeguard confidential information (in any format) or the
failure of your network security that results in:
THIRD PARTY

Legal liability to others for computer security and privacy breaches
– Identity theft
– Loss Mitigation Damages
– Card Re-issuance
– Theft / Destruction of Information
– Virus Transmission
FIRST PARTY

Your costs
– Forensic Investigation
– Crisis Management
– Statutory Compliance
– Voluntary Loss Mitigation Services (credit monitoring, ID theft repair)
– Regulatory (defense costs & penalties)
Risk Trends

Legal liability to others for computer security & privacy breaches
– Regulatory changes & enforcement

Failure to safeguard data

Plaintiff actions
– Correlation
– Loss mitigation strategy
– Credit monitoring
Card re-issuance liability

Vendors, service providers & partners errors
Overview of the Current State of the
Market
Security & Privacy Insurance
Insurance Marketplace Drivers
– Regulatory activity (nearly as much as actual losses) has driven demand for this coverage, especially for privacy liability with its pre-claim covers for regulatory defense and indemnification for compliance with privacy breach notice statutes.
– 45 States have now enacted their own versions of a privacy breach
notification law, creating a patchwork quilt of legislation affecting any
commercial entity that collects or stores personally identifiable
information.
– Recent multimillion dollar losses in key industry sectors—notably retail,
financial institutions, health care, and higher education—have caused
insurers to either target them as a class or decline them outright.
Breach Example
January 18, 2010
National Corp Reveals Potential Breach of 1.2 Million Accounts

National Corp., a financial services company based in Radnor, PA disclosed a
security vulnerability that may have leaked personal data of 1.2 million
customers.

The company revealed the possible data breach in a letter to the attorney
general of New Hampshire on January 4. Lawyers for the firm say the breach
of the portfolio information systems had been reported to the Financial
Industry Regulatory Authority (FINRA) by an unidentified source last August.
While the letter did not disclose how the breach happened, it says the
unidentified source sent FINRA a username and password that could access
the portfolio system. This username and password had apparently been
shared among employees of the company and vendors.
Evolution and Insurability of a Data Breach

| Step | Item                                                                              | Insurable? |
|------|-----------------------------------------------------------------------------------|------------|
| 1    | Hire forensics investigator                                                       | Yes        |
| 2    | Engage outside counsel to determine obligations                                   | Yes        |
| 3    | Engage public relations firm                                                      | Yes        |
| 3    | Hire third party to assist with statutory notification (written notice, phone banks) | Yes     |
| 4    | Offer credit monitoring and identity theft relief services as part of notice      | Yes        |
| 5    | Engage outside counsel for defense against lawsuit                                | Yes        |
| 5    | Damages resulting from lawsuit(s)                                                 | Yes        |
| 6    | Engage outside counsel resulting from regulatory investigation (FTC, State AG)    | Yes        |
| 7    | Fines and penalties resulting from regulatory investigation                       | TBD        |
Example
A financial services provider loses a data tape containing unencrypted customer account data (not credit cards). A class action lawsuit follows, resulting in the following costs:
– Technical Forensics: $900,000
– ID Theft Forensics: $2,900,000
– Mailing Costs: $2,200,000 (includes secondary notification to “class”)
– Call Center: $75,000 (most handled in-house)
– Credit Monitoring: $2,500,000
– Additional Loss Mitigation: $2,500,000
– Outside Attorney Expenses: $1,100,000
– Additional Settlement Costs: $5,000,000 (including plaintiffs fees)

Total – $16,175,000
Average security breach in 2009 = $6.75M
Actual Paid Claims

Wrongful disclosure of information by employee of credit union who sold information to
outsiders:
– Amount paid by insurer for liability claim and first party loss: $1.8 million

Third party computer hacker stole credit card information:
– Amount paid by insurer for liability claim: $5 million
(note that this was the primary policy limit—claim eroded excess limits as well)

Third party computer hacker stole passwords by electronic means and used those
passwords to gain access to personal information:
– Amount paid by insurer for liability claim (class action): $8 million plus

Employee sold customer data to others:
– Amount paid by insurer for liability claim: $9.1 million

Employee stole and sold information to identity theft ring:
– Amount paid by insurer for notice and liability claim: $2.6 million

Unauthorized access to database resulting from stolen passwords:
– $4.5 million

Insured's employees released proprietary information of the claimant to third parties:
– $715 thousand
Source: AIG
Data Breach
Event Modeling
Based upon number of records compromised
| Number of records compromised         | 100,000    | 250,000     | 500,000     | 1,000,000   |
|---------------------------------------|------------|-------------|-------------|-------------|
| Privacy notification costs            | $400,000   | $1,000,000  | $2,000,000  | $4,000,000  |
| Call center costs                     | $100,000   | $250,000    | $500,000    | $1,000,000  |
| Credit monitoring cost                | $1,000,000 | $2,500,000  | $5,000,000  | $10,000,000 |
| ID theft repair                       | $500,000   | $1,250,000  | $2,500,000  | $5,000,000  |
| Total estimated first party costs*    | $2,000,000 | $5,000,000  | $10,000,000 | $20,000,000 |
| Account / card reissuance liability   | $600,000   | $1,500,000  | $3,000,000  | $6,000,000  |
| Fraud liability                       | $5,000,000 | $12,500,000 | $25,000,000 | $50,000,000 |
| Total estimated third party liability | $5,600,000 | $14,000,000 | $28,000,000 | $56,000,000 |
| Total estimated privacy event         | $7,600,000 | $19,000,000 | $38,000,000 | $76,000,000 |

* May be subject to a Privacy Event Cost Sublimit

Assumptions:
– Notification costs - $4 per record
– Call center costs - $5 per call (20 percent expected participation)
– Credit monitoring - $50 per record (20 percent expected participation)
– ID theft repair - $500 per record (1 percent of those monitored experience identity theft)
– Card re-issuance - $6 per record (potential liability to issuers, i.e., banks)
– Fraud liability - $1,000 per record (range is $500 per record to $6,400 average fraud charges - 5 percent experience fraud)
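
The per-record assumptions above, written as a small calculator. This is an added example, not part of the original slides. It reproduces the table for any record count and, going one step beyond the slide, splits first party costs at a first party sublimit; the `first_party_sublimit` parameter and the $1,000,000 value used in the demo are constructed. The table's ID theft repair row equals $500 applied to 1 percent of all records, so the code uses that base.

```python
"""Breach cost model built from the per-record assumptions on the slide."""

# (unit cost in dollars, percent of compromised records that incur it)
FIRST_PARTY = {
    "privacy_notification": (4, 100),
    "call_center": (5, 20),
    "credit_monitoring": (50, 20),
    # The slide's table values equal $500 x 1 percent of all records.
    "id_theft_repair": (500, 1),
}
THIRD_PARTY = {
    "card_reissuance": (6, 100),
    "fraud_liability": (1000, 5),
}


def _lines(records, rates):
    # Integer arithmetic keeps the dollar totals exact.
    return {name: records * unit * pct // 100
            for name, (unit, pct) in rates.items()}


def model_event(records, first_party_sublimit=None):
    """Estimate the cost of a privacy event for `records` compromised records.

    `first_party_sublimit` is a hypothetical policy term in dollars; first
    party costs above it are reported separately as falling outside cover.
    """
    if records < 0:
        raise ValueError("records must be non-negative")
    first = _lines(records, FIRST_PARTY)
    third = _lines(records, THIRD_PARTY)
    first_total = sum(first.values())
    third_total = sum(third.values())
    within = first_total
    if first_party_sublimit is not None:
        within = min(first_total, first_party_sublimit)
    return {
        "first_party": first,
        "third_party": third,
        "first_party_total": first_total,
        "third_party_total": third_total,
        "event_total": first_total + third_total,
        "first_party_within_sublimit": within,
        "first_party_above_sublimit": first_total - within,
    }


if __name__ == "__main__":
    for n in (100_000, 250_000, 500_000, 1_000_000):
        r = model_event(n, first_party_sublimit=1_000_000)  # constructed sublimit
        print(f"{n:>9,} records: first party ${r['first_party_total']:,}, "
              f"third party ${r['third_party_total']:,}, "
              f"total ${r['event_total']:,}, "
              f"above sublimit ${r['first_party_above_sublimit']:,}")
```
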
Thank you!

Questions – Further Discussion
David G. Wilkins, CIC
Managing Director
Marsh
15 West South Temple Suite 700
Salt Lake City Utah, 84101
801-533-3650
Email: [email protected]