RiskProNet News

 

Owners Should Purchase Builder’s Risk Insurance (CPG)

The owner of a construction project is better off purchasing builder’s risk insurance rather than leaving it to the contractor, as this makes it easier for the owner to include business interruption insurance. This was one of the key points discussed at a the recent Construction Practice Group teleconference.

Contractors will often argue that they can get a better deal than the owner but some prefer to place in the name of the owner. The owner can specify all coverages needed, including business interruption in the case of delays.

The group also discussed LEG 3 issues and coverage specifications.

Among the key points were the following:

  • Business interruption insurance for delays can vary widely in what it covers. Check to see whether loss of rents and soft costs such as interest are included.
  • Be aware that the insured will have to prove the loss. “Companies will hire a forensic accountant. The company wants to make the number as large as possible and the carrier wants to make it as small as possible, creating a somewhat adversarial relationship.”
  • Alleged faulty workmanship is a particular challenge. Is this a builder’s risk claim or not? The contractor will want the situation to be covered by insurance so the costs don’t come out of his pocket.
  • Check insurance coverage if ownership of a building is transferred.

The group talked about LEG 3, which has developed as the London Engineering Group crafted three variations of defects exclusions in the 1990s. The defect exclusions have been adopted by the European insurance market and are now finding their way into the U.S. marketplace.

Case History: Collapse of Kansas City Hyatt Regency Atrium Walkway

Loss: Two of three suspended walkways inside a hotel atrium collapsed during a public event in the hotel’s lobby in 1981. The falling walkways killed 114 and injured 216. The two-level walkway was suspended over the hotel atrium with the use of threaded steel rods supported from the atrium ceiling. The hanger rods connected to welded, steel box-beams that were part of the walkway support framing.

Design Change: A modification of the original design occurred during construction because the contractor on site found the installation of the continuous support rods too complex. The contractor proposed using two hanger rods in lieu of a single rod, offset at the upper walkway support connection. The design firm was allegedly called and a change discussed. The designer approved the shop drawings reflecting the modification. Later, it was determined this was done without any re-calculation of loads and stresses. The change ultimately doubled the load on the connection between the upper walkway support beams and the hanger rods carrying the weight of both walkways.

Insurance issues: The cost of redesigning the defective structures was not covered.

 

Control Distribution of Sensitive Docs to Minimize Cyber Risks

Make sure your clients are properly training staff on simple distribution control of sensitive documents.  That was the warning at a Cyber Liability Practice Group conference call, which focused on the latest trends in claims and an interesting real life case on a simple mistake on the handling of W-2’s.

W-2s are a prime target for identity thieves. One RiskProNet member related an unfortunate situation where a client had an employee who somehow sent a PDF of all the company’s W-2s to an employee rather than sending only the employee’s personal W-2. The law requires that all employees be notified that the security of their personal data has been compromised in such a situation. Surprisingly, human errors such as this are responsible for about 10 percent of data privacy breaches.

Other discussions included:

Some carriers, including Travelers, allow a free call with a data privacy attorney to determine whether action needs to be taken after a possible security breach. “Calling the legal specialist does not constitute notice under most policies. It helps to get the client’s IT people on board, too.”  (A Travelers representative made a presentation on this and other services at the recent Claims Practice Group teleconference.

Be Alert for These Concerns

Skimmers, small, almost-invisible devices that collect credit card data, are an increasing problem, particularly in retail stores.

Denial of service attacks are an issue for businesses where interrupted service can create a large exposure. Hackers will overload the website with requests, or create multiple queries for large amounts of data. At some point, servers will crash under the overload.

Notifications of software patches, particularly from Adobe & Microsoft, are another avenue for cyber criminals. Many people put off installing patches. The patch notification, however, alerts criminals to vulnerabilities.

Manufacturers are at risk from hackers who break into systems and control equipment remotely.

Timely reporting is a frequent concern, as some employees are not aware of reporting deadlines. A late report can results in denial of coverage. “Be certain that a C-suite person is aware of the reporting requirements and has the knowledge of internal security systems, particularly firewalls.”

 

Contractual/Insurance Risk Transfer

Construction clients should consider cyber liability coverage and employment practices coverage, considered, “a new signs of the times”. In addition, proper contract language continues to be critical in agreements between building owners, the general contractor and subs. Moody’s Don Aberbook led a discussion of common issues at the recent Construction Practice Group teleconference.

Here are some of the comments.

  • Many owners rely on the general contractor for insurance rather than purchasing their own general liability insurance. However, the owner will almost always be the entity that is sued and should have insurance covering his interest. Protection for owners is “very cheap but it’s also very limited.”
  • The general contractors and subcontractors sometimes are not named on the builders’ risk policy. This has been a particular issue in custom home building and can leave the general contractors and subs without coverage.

Managing Certificates – My COI

  • MY COI is a valued-added service recommended by several members.
  • My COI is based out of Indiana and has technologically advanced software. It can offer certificate endorsement reviews directly to the client. Agents and subcontractors can upload endorsements and requirements into the system. My COI will automatically send out reminders when something is missing.
  • “Some GCs and subs don’t have the time and training to make sure they are collecting proper information from subs. Our motivation for recommending My COI is to help subs from a risk management standpoint.”

Subcontractor Issues

  • Contracts often say that subs are bound by conditions of the prime contract. Be sure to find out what the conditions are.
  • Some contracts say the sub will be paid only when the owner pays the general contractor. “I always try to see if that can be relaxed. I think it’s pretty onerous and probably not fair.”
  • “We have some subs who sub their own work out because it is hard to get labor. This is where we see ‘flimsy’ certificates with carriers we’ve never heard of. We always tell clients to check the A.M. Best rating. If a lower tier sub causes injuries or construction problems, they may not be protected. We’ve had a couple of clients burned with that.”
  • Check anti-indemnity clauses. “At least a third of the contracts that I review have outdated language. If a contract does not comply with the statue, it won’t be enforceable.”
  • “I periodically have clients ask if they can fire a sub who has caused claims. It’s dangerous to go there in terms of retaliation charges. I always suggest that clients carry employment practices liability coverage.”
  • “With the job market tightening, we’re seeing more employee leasing. It is important to see that the temp agency is providing insurance and is naming the contractor as an additional insured. There should be an alternative employer endorsement for workers comp on the temp agency’s policy.”

Ongoing issues

  • Consider social engineering coverage. The bad guys are always one step ahead. Consider ransom requests and fraudulent wire transfer coverage. “We’ve had a couple of clients who paid when their whole systems were held for ransom.”
  • “Multi-family costs are not yet under control from a litigation standpoint, probably because the plaintiff’s bar is so strong. It is getting better.”

Upcoming conference

  • The Construction Practice Group will meet in Chicago Oct. 4-5. Registration is now open. Guest speakers will include Craig Stanovich of Austin Stanovich Risk Managers, Bill Wilson, founder & CEO of InsuranceCommentary.com and Brian Billhartz. Wrap Up Solutions. Lee Shidlofsky of Shidlofsky Law Firm, PLLC, has been invited.

 

Looking for Scenarios That Resonate With Personal Lines Clients

Simple human errors — as opposed to sophisticated hacking attacks by cyber criminals  — are a common cause of cyber liability issues. Even so, personal lines clients often find it difficult to see the need for cyber liability insurance.

These were among the points made at the recent Personal Lines Practice Group teleconference, focusing on cyber liability.

“Clients can’t always relate to cyber liability situations,” one group member said. “I’m embarrassed to tell this story on myself, but clients have understood it. I received an email from a contractor, and I was expecting an invoice. The email gave me four ways to open the document and appeared to have been sent in a secured fashion. It asked me to log into Outlook, which I did. The next thing I knew, it had sent a junk email to everyone in my address book. Fortunately, nothing else happened but it could have. We have all sorts of email security, and I opened it by simple error.”

“Smart” homes

“When it comes to smart home devices, clients are more concerned about someone turning the heat up to 100 degrees than criminals gaining access to their homes.”

Cyber bullying

“People are more concerned about someone bullying their children than about their children bullying someone else.”

“In the old days you had a fight behind an alley. You walked away and avoided the person in the future. Today we can have cyber bullying all over the Internet. It can require digital forensic analysis to find it all and remove it.”

Computer cameras

“We recently had a demonstration on new telephone equipment and the company representative had taped over the camera on her laptop. She said company policy required that the camera be blocked to prevent cyber intruders from turning it on. I’ve shared this with our clients. This is a simple thing that you can do yourself.”

Unsubscribe functions

“We’ve been cautioned not to unsubscribe from junk email. When you unsubscribe, it verifies that you are a real person and your address can be sold to someone else. Put unwanted email into the junk folder but don’t open it and don’t unsubscribe.”

Compelling scenarios

“We need to come up with three claims scenarios that will wow clients and make them think this could happen to me.”

“There is sticker shock at the cost. It’s almost like flood insurance. We shows it to everybody put people rarely buy it unless they’re on the coast or in a flood zone.”

“Here is a scenario that resonates with clients on flood insurance. A few years ago a water main broke at UCLA. People realize that floods can happen to them, even if they aren’t near a river.”

Cyber seminar for clients

“We had a successful seminar for clients on cyber insurance. It was at 4 p.m. and we served cocktails and appetizers. We’ve had success with this timing for seminars.  We invited both commercial and personal lines clients. Some came themselves, and other sent assistants. We also talked a lot about social media, including the day that Twitter went down.”

Requiring Sign-Offs?

How do you treat new versus current clients? “We plan to send an email letter to all clients advising them that a cyber product is now available. We tell clients they can remove cyber coverage although we don’t recommend it. “

“We do something along the same lines in our new business proposals. We may ask prospective clients to sign off if they don’t take cyber coverage.”

“We don’t go into a lot of details on cyber insurance, and we don’t ask clients to sign off if they don’t take it. If we are going to offer it to one client, we want to offer it to all of them. If we offer cyber to high net worth clients, do we have to offer it to smaller clients?

 

Insuring Unauthorized Disclosure of Data

Possible unauthorized disclosure of data  – rather than ransomware that encrypts files – may be a stronger selling point for cyber insurance for clients such as law firms. This was one of the points made at this month’s Cyber Liability Practice Group teleconference.

“We sometimes hear clients say they aren’t worried about ransom demands because everything is backed up,” one person said. “But what if a hacker threatens to make private data public as opposed to just destroying it? The requirements under breach notification laws are expensive. Also, malware could be on the backup tapes as well.”

Here are additional comments from the conference call:

 Working with CIOs

CIOs can be allies or obstacles during the sales process. Some CIOs fear that the decision to buy insurance means they don’t have all their ducks in a row. Or they may feel that liability rests with third party vendors that handle hosting and other functions. “If you have a CIO who ‘gets it,’ it’s awesome to have them involved because they know where possible breaches may occur.”

E-Commerce Vendors

For clients doing e-commerce, using third party vendors such as PayPal offers some protection. There is a distinction between entering credit card information into the insured’s website and redirecting customers to PayPal. PayPal is a more favorable situation for the insured.

Philadelphia Insurance Companies Form Comparison Review

The forms were written in 2012. “In cyber insurance, that might as well be 100 years old. Having said that, it’s not horrible.”

“The breadth of some of their terms is a double-edged sword. It’s good to have broad terns in extending coverage but using the same terms in exclusions is not a good thing. The word ‘you’ is used broadly in some exclusions. It should be limited to ‘knowledgeable people’ or C-suite executives.”

One group member reported that Philadelphia is willing to make some changes in policy language upon request. Recommended requests include the following:

  • Exclusion D addresses “failure to maintain reasonable protection.” “It is difficult to define “reasonable” and the exclusion is not market competitive. Philly is aware of it and ready to remove it upon request.”
  • There is a 150 percent penalty in the event that malicious code re-emerges. This also is not market competitive. They also are aware of this and willing to remove it.
  • A good point is that coverage is extended to third parties. But the exclusion for “reasonable failure to maintain protection” technically could apply to third parties. “I doubt that this is the intent, but it could be read that way. “

In the News

A Seattle seafood company paid $700,00 to the wrong entity as the result of a computer phishing scheme.  Travelers’ denial of the claim, based on an “authorized person” exclusion, was recently upheld by the Ninth Circuit Court of Appeals.

IBM has banned the use of removable storage devices. One reason is that they can be lost; the other is that they are a prime way for hackers to gain access to computers.

New data protection laws in the European Union go into effect May 25.

Cyber criminals have found a new way to bypass the Safe-Link feature in Microsoft Office.

 

Operating Wellness Programs in Face of Legal Challenges

“If you’re an employer trying to sponsor a wellness program, then the recent kerfuffle between the AARP and the Equal Employment Opportunity Commission affects you.” This quote from a recent issue of Benefit News sums up the discussion at this month’s Wellness Practice Group teleconference.

The consensus was that the “EEOC is unlikely to make this a ‘witch hunt.’ They don’t have time.”

A more likely scenario is that a plaintiff’s attorney will challenge a company’s wellness program.

The major question is whether companies can legally subsidize up to 30 percent of an employee’s health care program costs if the employee participates in wellness programs. This has been an exception to the law making it illegal to base eligibility or premiums on health-related factors, including genetics.

Here are comments from the teleconference:

  • It is permissible to give employees a choice of wellness activates in which they can participate. For example, a company can create a walking challenge and give gift certificates as rewards as long as the program is voluntary.
  • Fitness programs usually are acceptable as long as no health information is collected. An employer can, for example, give “points” for taking fitness classes or tracking steps taken each day. This is believed to be legal even if some employees are unable to participate because of disabilities.
  • One person raised the question of whether a client’s other insurance would provide legal defense in the case of challenges to a wellness program. Directors and officers liability coverage may provide protection in selected situations, although the GL policy is unlikely to cover this.

Other Matters Discussed

  • Bravo recently conducted a webinar on creating a program within legal guidelines. It also reviews genetic testing guidelines. A white paper on the topic also is available.
  • No RPNI member agencies and few clients have a staff person dedicated to wellness program.

The Wellness Practice Group meets via conference call every other month.

 

Best Ways to Handle Claims Servicing

Assigning a claims service person to a specific client – as opposed to allocating assignments by the type of claims — works best, RiskProNet members agreed at the recent Claims Practice Group teleconference.

Members discussed a recent survey, with data ranging from the number of people in the claims department to software used to manage claims.

 “We try to create a relationship between the claims department and our clients. We don’t really have specialists. If we did, we would have two or three different people working with the same client. We’d rather have a client talk to the same person every time. We learn how the client operates, and the client learns how we operate. Our approach is to create a long-term relationship that will have benefits beyond the sales and underwriting process.”

 Saving money for clients

“We review the x-mod on workers comp for our largest clients and often find errors. For some reason, reviewing the report is not a normal process for most of our competitors. There’s no secret sauce; it’s literally just doing it. We save clients millions of dollars and four points on the average. Something like this can make a big difference for you and your agency.  It’s a lot of fun to get an email saying, ‘Thank you for saving me $27,000 because you made sure the claim was closed and you pushed refilling.’”

Additional comments

“There is quite a variation in terms of the number of people assigned to claims. It makes us wonder what services other people are offering that we aren’t. If we take out life and benefit, the spread narrows.”

 

Using Stewardship Reports for Large Accounts

Claims managers agreed that stewardship reports for large accounts should ideally be reviewed three, six and nine months after renewal. This, along along with other administrative matters relating to stewardship reports were discussed at a recent claims managers practice group conference call.

Discussions included several sample documents, provided by Brad Larsen at Buckner Company, including:

  • Worksheet for creating stewardship timelines.
  • Cyber liability comparison form.
  • Claims review form.

Here are some of the comments and questions from the teleconference.

  • Do you involve carriers in reviewing claims or do this on your own? Both. If clients are no longer on risk, carriers sometimes want to pull back on service delivery. There is a lot to be said for doing it yourself, especially if carriers want to charge for reports.
  • Ask clients if they are aware of any circumstances that could result in a claim when the policy approaches renewal. Remind them that under certain circumstances, they must report a claim within 30 to 60 days after a policy expires to have coverage.
  • The Epic agency management system has a good system for creating reminders. “It’s efficient and a good way to avoid keeping everything in my personal diary, although I still do.”
  • A central calendar should outline the commitments made to each client.
  • A workers comp review is typically created three months after renewal, and data is due to NCCI 6 months post-renewal.
  • We have an annual service team meeting with loss control and production on large accounts. We want to look at revenues and service hours three to four months before renewal. We get an agreement with the producer and the client on how many hours we can spend and how many meetings are appropriate. “The client needs to have the perception, as well as the reality, that we are constantly following up.”
  • Some clients don’t want to see you four times a year or don’t have the volume to merit meetings that frequently. Once we build a relationship with a client, we may be able to do conference calls rather than face-to-face meetings or make intermittent calls on a particular claim. The right amount of service will not be the same for every client.
  • We have three tiers of service levels, based on volume. The lowest is somewhat reactionary. Time lines are written for the highest level. Each service level is based on revenue generated and producers are charged back $250 to $500 per account.
  • Most carriers other than Travelers are unwilling to share benchmark data on how clients compare with others in the industry. Travelers will only share data with current clients.
  • Zurich shared benchmark data with one client on a major construction account. “It’s not something Zurich normally does and I think it was because of the size of the account. They’re the only other carrier I’ve found willing to share data.”
  • How do you suggest starting a stewardship-reporting program? Start with one batch of clients and then move on to the lower level.

 

Many New Trends in Personal Lines

Self-driving cars could mean reduced income from auto insurance, members of the Personal Lines Practice Group agreed at a recent teleconference. Other issues included dog bites, the younger generation with little interest in home ownership and jewelry, and videotaping homes of major personal lines client

Here are some of the comments:

Self-Driving Cars

J.D. Powers estimates that there will be about 10 million driverless cars in use by 2020. While this is a small percentage of the 1.4 billion cars on the road, it may have an impact on auto books at insurance agencies.

“A lot of younger drivers are waiting until they are 18 to get licenses instead of getting them at 16 because their parents don’t want to pay the premiums. Or they are using Uber and similar services and not driving at all. Today they have the convenience of not needing to drive in a city, and they aren’t driving as much as they used to.

“We are seeing some of this, but it is less dramatic because we are outside a metropolitan area. Everyone here still needs a car. In the cities, we are seeing clients turning to MetroMile or Lemonade. Auto insurance based on the mileage component has unbeatable premiums.”

“The scariest part is that I don’t think even the carriers know what is coming. You will still have to insure your vehicle, even if it’s driverless. There will be some sort of risk but we don’t know it will be. Will medical payments and physical damage fall back to the manufacturers? Or will the manufacturer be able to say that the vehicle was being used during inclement weather and the owner should not have been on the road?”

“Consumers are not fully confident of automated driving systems. Almost 50 percent say they ‘would’ or ‘probably would’ try driverless cars. The younger generation is much more trusting of technology.”

“The future is likely to bring more auto-sharing as well as self-driving vehicles. This also will impact insurance policies.

Changing values

“The younger generation doesn’t want to buy homes because they don’t want to be strapped to anything permanent. We are seeing apartments galore.

“We see young people coming out of school with student loan debts and reluctant to buy homes.”

“Values are changing with the generations. When I started in the industry, coverage for jewelry and collections was a big deal. This is still true of those 55 and older but we don’t see the same interest in the wealthy groups that are emerging. My children, for example, don’t want silver or jewelry.”

“We are spending more time vetting a client before we write a proposal. If prospective clients don’t value insurance, they won’t value the protection received from their insurance policies. They will end up going online and looking for something cheaper.”

 Keeping in Touch with Clients

“We offer the videography for free but we’ve had clients say they will pay for it. When we ask them if they want it again the following year, they always say ‘yes.’ You wonder whether you need to do it again, but we’re realizing that it really is necessary and people value it.  We’re upselling through the use of video.”

“Many of our clients don’t want to meet face-to-face and prefer to do everything by email and telephone. We tried videotaping but did not see a big response. But anyone who has gone through a natural disaster will recognize what a benefit it is.”

“We’re posting answers to customer questions on our blog. This will be a reference, so we can refer other clients with the same questions to the blog entry.”

“We ask clients to fill out a survey every other year. We decided yearly was too often, so we call them on alternate years. We’re finding that some clients haven’t even thought to tell us about a major home renovation.”

Generating new business

“We’ve found social media is great for branding but it doesn’t bring qualified leads. Ninety percent of our referrals come from real estate agents, lenders and title companies. This is where we need to focus in the future. We don’t offer any inducements to them. Their primary interest is to have us take care of the insurance needs so the sale won’t fall through because of an unresolved issue. After the flood zone remapping, we went into various real estate offices and spent 10 to 30 minutes on a Q& A about elevation certificates, grandfathered provisions and assumption of a policy at the act of sale. This sparked an interest and real estate agents realized we could help them. We pay $760 a year for an ad in a brochure that regional real estate agents give to their prospects.”

“We have added two personal lines producers and give a bonus of 50 to 60 percent of the annual growth in their books of business. One producer is ‘the only summer intern we have had success with’ as a full-time employee. She was a college athlete and is very competitive. The other is an account manager who wanted to move into sales. We’ve given up on college recruiting fairs and focus on someone with more experience. You can’t walk in looking like you’re 18 years old, especially if it’s a commercial lines account.”

Directors and officers liability

“If clients serve on nonprofit boards, alert them to find out whether the nonprofits have directors and officers liability insurance. Clients are always appreciative when we suggest that they check this, and it can lead to selling an umbrella policy.”

 

Dog bites

State Farm paid more than $10 billion in dog bite claims in 2016. California had the largest number of dog bite claims.

 

Check for Cyber Liabilities During Acquisitions

Caution your clients to check for cyber liability exposures when they acquire a new company. This was among the topics at a recent Cyber Liability Practice Group teleconference.

SullivanCurtisMonroe’s Patrick Hernandez, newly selected as chair of the practice group, brought two recent issues to the attention of the group. The City of San Diego is suing Experian for a data breach that affected 250,000 people in the city. Panerabread.com apparently failed to encrypt customer records for eight months.

Here are additional comments from the meeting:

  • Endeavor Insurance Services has a new offering to provide coverage in case of remote access to data.
  • RiskProNet members are receiving client requests for help in identifying cyber vulnerabilities. One RiskProNet member has partnerships with law firms to provide guidance, while another refers clients to the Chubb vendor list. SullivanCurtisMonroe is preparing a list of vendors in this area, and will share the list via the slack channel.
  • Check policies for the following language:

–Does the definition of the insured include independent contractors, interns and volunteers?

–Most policies define covered territory as anywhere in the world. Consider a policy that covers territory anywhere in the universe, given today’s transmission of data via satellite.

–What happens if there is a dishonest employee?

–Will EPLI coverage apply to cyber breaches that could result in disclosure of information about employees?

 

RiskProNet Previous Posts
Subscribe to Member’s News