The Insurance Weave, Coordinating Coverage and Procedures

When considering the purchase of Cyber Liability, Directors & Officers (D&O) or Errors & Omissions (E&O) Insurance policies, "off the shelf" insurance products are not sufficient. A firm’s risk matrix outlining exposures and risk transfer solutions should be a living document that incorporates actual language from your insurance policies. Consider e-mail fraud transfer issues, something very real in your world. When and how are you covered? What are the claims reporting requirements? Is there a time restriction between occurrence and reporting a claim that you need to be aware of? Does the fine print buried into the forms prevent coverage you expected to have? The key is amending and melding both your insurance policies as well as your risk management matrix to avoid these coverage traps.

I saw an advertisement and e-mail blast that was distributed to various financial advisors that advertised $1,000,000 of coverage for just $1,900. This is a prime example of an “off the shelf product” that may not be the best solution for your firm.

Their policy restrictions included:

  • No coverage for acts by rogue employees
  • No coverage for failure to comply with own privacy policy
  • No Coverage for failure to administer an identity theft prevention program required by law or take necessary actions to prevent phishing/identity theft
  • No Coverage for failure to timely disclose a security breach as required by law
  • While some of these items may not carry high priority for you, they are included on other insurance policies for approximately the same price. Ask yourself, are you looking to meet an obligation/ perspective client RSVP or actually obtain comprehensive protection for your firm?

    In an effort to help coordinate procedures with insurance requirements, did you know that the majority of Cyber Liability policies contain a “Uniform Commercial Code Exclusion?” This policy restriction eliminates coverage if certain steps to avoid loss do not take place such as encryption requirements and call-back numbers? The reality is “off the shelf” can mean some coverage, maybe.

    The same holds true regarding E&O Insurance.

    Take trade errors as a great example. Provisions in your E&O policy related to the timing and reporting of such errors that may eliminate coverage for this event. It’s not uncommon to see policies with reporting requirements of such trade error within 24 hours of discovery or occurrence! The broker’s job would be to expand this time restriction to a more practicable time period. In this same example the question of “who’ knows about this trade error needs to be understood and potentially amended, by your broker. Best practices dictate the timer on your firm’s reporting provision should start ticking when someone aware of this policy requirement has “knowledge” of the occurrence. Again, “off the shelf” may leave the firm more vulnerable than intended.

    Perhaps this last example we recently saw play out will further demonstrate the power of NOT purchasing an “off the shelf” policy. An insured was the victim of a $250k e-mail fraud wire transfer request. The question was raised - which insurance policy would apply to this event? The firm had written policies and procedures in place but the employee did not follow those procedures. Under the Cyber Liability Policy, the Uniform Commercial Code Exclusion restricted coverage since there was no call or call back requested by the employee of the investment management firm. The Fidelity Bond/Commercial Crime Policy, which included an e-mail fraud transfer rider, had call-back requirements similar to Uniform Commercial Code, thus precluding coverage under that policy. This left the firm’s E&O policy as the remaining remedy for protection. Fortunately, the policy did respond due to three facts. First, there was negligence by an employee not following the firm’s Written Policies and Procedures. Second, a written demand from a client was made which is essential to trigger E&O Insurance. Finally, the definition of professional services that we helped craft was broad enough to cover this loss. All three of these coverage conditions HAD to be met before the policy would respond. Left to “off the shelf” policies, the outcome would likely have been different

    Good news! Every day, new insurance products with improved and evolving coverages are being introduced in the marketplace. This includes changes to the Uniform Commercial Code and call-back requirements which could thus avoid a high E&O deductible. Your broker should keep you abreast of these evolving products. In the end, coordinating your insurance into your company’s policies and procedures is essential. The coordination of coverage and written policies and procedures allow you to protect you and your firm from severe financial harm and prevent extended litigation with clients as well as coverage disputes with your insurer(s).