data security image

Liability for Data and Privacy Breaches

Reporting on statistics released by the Identity Theft Resource Center (ITRC), BuisnessInsurance.com noted that there have been 368 data breaches reported so far this year to the center – 46.5% of them at healthcare and medical companies. Business and government made up the bulk of the remaining breaches.

What is a data breach, and how does it happen?

We keep hearing the term data breach, but what does it mean, exactly? The ITRC’s definition of a data breach follows U.S. Federal guidelines – a breach is a situation in which the mix of personal information accessed can compromise an individual. The theft of Social Security numbers, medical information, email addresses and passwords all fall under this umbrella.

Most of us also think of a group of hackers working in a dark room somewhere in a remote country, but data is exposed in many ways – and sometimes it’s our own fault. A good primer on the topic is provided by the MIT Information Systems and Technology Department. Theft, notes MIT, is one of the main ways that criminals access personal information over computer networks, but MITnotes that loss of media can lead to a data breach – and anything from a lost iPhone to hard drives, and tapes can be the culprit. In fact, MIT reports that one in four breaches at universities are caused by theft.

Neglect and insecure practices can easily lead to the loss of sensitive data. Do you know how data is stored and secured at your workplace? How about wireless network practices, or document shredding? How do you swipe hard drives and recycle computer equipment at your company when old computers and laptops are retired?

Liability laws are changing

There are hundreds of ways hackers can get into your business, into your data, and exploit your information. It is very cumbersome and expensive to hire the right firms to oversee all your systems, and manage them on an ongoing basis.

But it may be more costly to avoid doing everything in your power to protect yourself against a data breach. A recent Forrester Brief, Legal Costs in a Customer Data Breach now Pack a Bigger Punch, provides an overview of a case in which two laptops were stolen from AvMed’s corporate headquarters. The result was the exposure of 1.2 million customer records, and a class action legal battle that is “setting new precedents for monetary reimbursement for breach victims.”

In the future, the onus will be on companies to securely accept, track, monitor, and retire data. It’s a big job, and there is almost no way that your defenses can be 100 percent secure.

On the open market, data and privacy coverage can assist with some of the issues brought on by a data breach, but as consumer awareness rises and laws are updated, you’ll need to stay on top of your coverage – you never know when a senior IT exec might accidently leave his tablet on a plane, or when an angry employee will steal the wrong file.

Check out the coverage you have available, and contact us if we can help you arrange coverage through a captive.

bud curtis crichton group

Creating Alternative Risk Solutions for Clients

The Crichton Group is a privately-held insurance brokerage firm headquartered in Nashville, Tennessee. Launched in 1979, Crichton is Middle Tennessee’s largest independent insurance agency, and is an Assurex Global partner. The Crichton Group creates all lines of coverage for clients, from personal to commercial and specializes in developing client-focused custom insurance solutions.

Crichton GroupBud Curtis is the director of alternative risk solutions at Crichton. “I’ve been in the alternative risk space since about 1980,” says Curtis, who has been putting risk plans together ever since. “I’ve worked with self-insurance funds, a Bermuda-based captive, and I’ve even been part of a group that owns a captive,” he says, adding, “I’ve worked with captives most of my professional life.”

Risk solutions

The Crichton Group specializes in alternative risk solutions, and offers enterprise risk captives, as well as group, property and casualty, and benefit captives.

“Our typical client or prospect is a financially sound privately-held company with revenue in the range of $60 – 500 million, and at least 150 employees,” says Curtis. “Of course, there are exceptions to the rule depending on what kind of coverage a client needs, but typically the costs involved with an enterprise risk captive require a baseline of revenue in order to make sense for the client.”

Curtis stresses to his clients that captives are first and foremost a risk management tool used to protect the corporate treasury. “Captives are designed to provide coverages for clients who either can’t purchase the insurance they need in the market, or where purchasing insurance on the market is too costly to the client to make sense.”

Insuring your business

Recently, Curtis worked with one client to self-insure against physical damage to their fleet of tractor-trailers. The client ultimately elected to put that coverage under their captive. “Another client with whom we worked wanted to cover earthquake exposure they have in eastern Tennessee, and wind exposure for their presence in the Gulf Coast,” says Curtis. “We were able to roll those coverages into their captive, and the company’s CFO and CEO said, ‘Wow, we can now provide coverage where there wasn’t any before.’ When I get that kind of reaction, I know we’re offering value to our clients.”

As Crichton continues to work with captives, Curtis finds himself talking to his colleagues and clients more often about captives as an effective risk management tool for business owners. “This is such a good tool for companies that use it correctly” says Curtis.

Doing it right the first time

As an industry veteran, Curtis scrutinizes potential partners carefully, and found Intuitive to be a solid partner for his firm. “Intuitive has a high degree of integrity. I’ve vetted several providers for enterprise risk captives, and Intuitive has the best model,” says Curtis. “Intuitive doesn’t control the money – the captive owner does – and their reinsurance model (C-REX) is strong.” Curtis feels that the service Intuitive provides to captive members is excellent. “Intuitive is very transparent with their business, and they manage their captives with a heavy emphasis on underwriting to provide better coverage and ensure profitability and sustainability.”

Setting captives up properly and managing them well is a key factor for Curtis. “I’ve done this a long time,” he says, “when I put an insurance program together, I want to make sure that it’s structured properly on the front end so we don’t have to go back and make excuses. I like to do it right the first time.”

Robert Adler

Product Recall and your Liability

Consider some of the biggest product recalls of recent years – baby formula laced with deadly Melamine, peanut butter tainted with salmonella, and Firestone’s faulty tires, not to mention more recent problems with Chinese beef and California fruit. These are massive, high-visibility cases outlined in Time magazine roundup, but look no further than the Consumer Product Safety Commission  for a list of recent recalls and read through the many types of violations that can spark a recall, and you’ll see just how many ways your company could be impacted by a single faulty product.

Eleven statues govern product safety in the U.S., and also impact what can be imported into the U.S. Still more regulations and laws protect consumers against “unreasonable risks of injury or death” from consumer products in categories that include everything from sports equipment to almost anything in the home, to fireworks and other flammables.

Ultimately, you’re responsible

If you’re a manufacturer of almost any kind of product, or if you process food, you are ultimately responsible for your product in the marketplace, from the smallest part to the product’s overall long-term performance. If a product you manufacture is recalled, you’ll immediately experience a series of problems:

  • You have to pull the product from shelves, accept returns from consumers, and find a way to either repair or destroy the product so it can cause no additional harm.
  • A lawsuit, or a series of them, will surely ensue, and you’ll need to enlist help from outside counsel to see your way through the suits.
  • You’ll need very good public relations representation quickly. Develop a plan with professionals and take their advice on what to do and say moving forward.
  • Fixing the initial problem may also become an issue. Whatever it was that caused your product to be recalled in the first place will have to be identified, dealt with, inspected, and OK’d before you can move forward with production.
  • Once you’ve fixed the initial problem, you’ll face the uphill battle of regaining trust with your salespeople, your clients, and consumers.

Covering costs during a recall

Having responses in place, ready to enact, if you ever face a product recall is critical. If you’ve thought through an action plan – good for you. Now consider the cost to your company if a product recall should ever occur. Legal fees, added public relations and marketing expenses, production and cleanup are just a few of the extra expenses you’ll face. Be sure you have enough cash in the slush fund to deal with a recall, or take a good look at the insurance that you carry for product recall and liability.

If you’re not comfortable with your coverage, and you think your exposure merits more coverage than you can purchase on the market, consider a captive. By creating captive insurance, you can create the kind of coverage you need in case of a product recall, and because you own the captive, you’ll be able to quickly access your coverage. If you have questions about how captives work, feel free to contact us.

photo credit: fred_v via photopin cc

Pilot Flying J

Flying the Coop – When Rogue Employees Leave you Liable

It’s nearing the end of the fiscal quarter, and your salespeople are trying to make their quotas in order to get their bonuses. They’re out in the field selling, but just to hedge their bets, they commit a sin of omission by not mentioning the discounts and rebates that your company typically gives to clients.

This is an overly simplistic version of what happened recently at Pilot Travel Centers LLC, better known as Pilot Flying J, a company that operates about 650 truck stops in the U.S. Flying J is one of the country’s largest privately-held companies — you may recognize the name of their CEO, Jimmy Haslam, as the owner of the Cleveland Browns.

The case against Flying J

The Justice Department’s investigation is long and involved, but lays out a case that Flying J employees and supervisors committed fraud by reducing the amount of diesel fuel price discounts to which Flying J customers were entitled. Employees were charged under mail and wire fraud federal guidelines.

The Justice Department entered into a Criminal Enforcement Agreement with Flying J so that the company can resolve its criminal liability. Under the agreement, Flying J is to pay full restitution to victims, and must also pay a $92 million penalty. An investigation into Flying J’s practices is ongoing, so this could be the tip of the iceberg for the Knoxville, Tennessee-based company.

Numbers like this make a quarterly bonus seem trivial, but when employees are under stress to perform, and supervisors are answering to higher-ups about the bottom line, it’s sometimes easy to see how cutting a few corners can quickly get out of control.

Could it happen at your company?

Nobody likes to think, this could happen at my company – in fact, most of us work pretty hard to ensure that best practices are in place in all departments – but the truth is, a few employees operating under their own set of guidelines could put your company at risk for huge liability.

It’s critical to maintain a close eye on all departments, and put checks and balances in place throughout your organization to hold managers accountable for their departments, and also to get frequent reporting on how employees are doing. At the same time, work with your legal and HR teams to make sure proper channels are in place so that when something goes wrong, a whistle blower is heard or a red flag is seen.

And finally, be sure you’re covered if something does go awry. Companies dealing with even a small scandal a tenth the size of what Flying J is going through will face legal fees, public relations costs, lost sales, employee suits, and more. When traditional liability coverage isn’t enough, consider an enterprise risk captive as a way to cover your company.

If we can provide any information, feel free to contact us.

Kelso founder of eemployee stock ownership plans image

ESOPs Fables

Employee Stock Ownership Plans, also known as ESOPs, were the brainchild of a lawyer and economist from San Francisco, Louis O. Kelso, who believed that selling his company to employees was the best way to ensure its future. In 1956, Kelso created the first ESOP and his employees became owners of Peninsula Newspapers.

ESOPs are a way for a company to provide employees with ESOP shares which are held in trust until the employees leave the company or retire, at which point the shares are sold, and the employee is paid for his or her investment. ESOPs are designed to provide an incentive for employees to stay with the company long-term and to foster a sense of ownership for employees while maintaining a strong financial foundation for the company. For a thorough explanation of ESOPs, visit the National Center for Employee Ownership (NCEO) website.

ESOPS under scrutiny

ESOPs took a while to catch on, but now they are very popular. According to the NCEO, as of 2010, approximately 28 percent of Americans owned employer stock through ESOPs, and that number continues to grow as companies add ESOPs to their employee offering. But as their popularity increases, so do complaints about how ESOPs are run. A spate of lawsuits recently allege that outside appraisers are overvaluing companies and misleading employees about their stake in the company. It’s also alleged that some companies are not communicating key issues to their employees about what’s going on in the company that may impact the company’s value. Employees who rely on the ESOP as a key aspect of their retirement have been left with nothing in some cases.

Labor Secretary Thomas Perez recently likened current valuation practices to the real estate bubble era. His agency and others are currently looking at ways to tighten rules around ESOPs and their valuation. The hope is to design new guidelines for outside appraisers who value the companies while developing new rules to govern how employees get information about the value of their stock. The goal: To put the interests of workers first.

Looking out for the employee

The Wall Street Journal outlined a few recent cases in which companies have truly mislead their employees about the stock price. Employees wound up with little or in some cases no value for their investment – and a very poor outlook for retirement.

Many groups are vulnerable while these practices continue. Certainly, firms that value ESOPs need to set very good standards for their employees – and definite consequences for appraisers who don’t uphold the standards. Companies need to take the idea of employee ownership very seriously, and work hard to live up to the aspirations of an employee-owned company that Kelso envisioned when he first came up with the idea, communicating the good and bad news to employees about their stock so that employees can make educated decisions about how to invest.

While we’re all still operating on the idea of trust rather than a set of federal guidelines on these issues, it’s a good idea to consider if your company is at risk. Companies that operate ESOPs should take a second look at the firms they work with for valuation and make sure they’re above-board, but also consider purchasing fiduciary liability coverage in case there is a law suit about the company’s valuation. And certainly any company that’s providing appraisals should be aware of the exposure they’re facing right now, paying attention to new developments in the industry and in regulations, and making sure they’re covered for any liabilities in the meantime.

If we can help you work through some of these issues, please contact us.

Pete Picetti

Captives – A Strong Option for the Right Client

Heffernan Insurance Brokers, headquartered in Walnut Creek, California, is one of the nation’s largest independent insurance brokerage firms in the U.S., and is also an employee-owned agency that wins awards for being a great place to work. Providing comprehensive insurance, employee benefits, and financial services to a wide range of businesses and individuals nationwide, Heffernan operates offices in San Francisco, Petaluma, Menlo Park, Los Angeles, and Orange County in California. They also have offices in Portland, Oregon, St. Louis, Missouri, and New York City.

Peter Picetti, a senior vice president at Heffernan, has been working in the insurance and risk management business for 27 years – 17 of them at Heffernan managing the firm’s food practice. Recently, Picetti has seen interest in captives growing.

Captives are picking up steam

Heffernan Insurance Logo

Find Heffernan Insurance in Northern California.

“Over the past four or five years, captives have really become a hot button,” says Picetti. Always glad to find new ways to help clients manage uninsured risk, the growing popularity of enterprise risk captives has come as good news. “Clients like to hear that there are options for managing risk – they also like to hear that they can set money aside and create a profit center. Hearing that it may also provide them with some tax benefits is even better here in California, where taxes can sometimes seem unrealistic to clients. Overall, captives are a very strong option for the right client.”

“We are spreading the message about captives to our clients,” says Picetti, noting that captives aren’t for all clients. “Just because a business pays a lot in premiums doesn’t mean it is right for a captive,” says Picetti. “There’s many factors that go into considering if a client is appropriate for a captive. I have a book of more than sixty clients, and probably fewer than 10 percent of them are captive-ready. It’s a delicate dance, but when it’s right for a client, it’s a very good option.”

It takes a village

Part of the value equation for Picetti is the expertise that Intuitive brings to the table. “The feasibility study that Intuitive conducts prior to launching a captive is very valuable in helping to make the proposition clear to clients.” Additionally, Picetti feels that the risk pool operated by Intuitive (The Colorado Reinsurance Exchange) helps to add legitimacy and safety to the mix.

“We really believe that our organizations are matched well,” says Picetti of Heffernan and Intuitive. “We have similar cultures. It’s a village of people that help to get the job done every day.”

department of defense image

New Developments in Cyber Security Liability

The U.S. Senate Intelligence Committee is working on a bill that would help private companies deal with cyber threats by encouraging communication and information-sharing, reports Reuters. The program would be overseen by the Department of Homeland Security, who would collect cyber data from companies who agree to become part of the network. In exchange, the companies would share in liability protections. This bill has had trouble passing so far, but in light of recent cyber attacks, it represents some much-needed thinking on the subject of cyber security.

2013 – The Year of the Cyber Attack

2013 might be remembered in history as the Year of the Cyber Attack. Retailers were hit particularly hard. Neiman Marcus, Michaels, and most notably Target were the victims of malware attacks that pulled personal data – including credit card numbers, user names and even personal identification numbers (PIN) from customer databases. Investigations by the Justice Department urged a new national standard for reporting cyber attacks, Homeland Security, and the Secret Service were involved in uncovering various breaches, and the FBI warns that more attacks are inevitable.

Target, however, seemed to suffer the most from the attacks. Reuters reported that Target sales and traffic fell sharply at the end of 2013, the company faced  $61 million in costs related to the breach (44 million was offset by insurance) and in March of 2014, Standard & Poor’s (S&P) downgraded Target Corp. (TGT), by one level to “A” from “A+”, according to Bloomberg.com. In early May, Target CEO Gregg Steinhafel resigned.

Cyber attackers aren’t just out for the big boys

The Small Business Administration offers a tipsheet citing a series of statistics on how vulnerable small businesses are to cyber attacks. From website tampering to data theft, businesses that aren’t protected are easy targets. In fact, third-party vendors that have access to larger company’s computer systems are an easy way for hackers and malware to move up the chain from one business to the next.

The best way to protect yourself from hackers? It’s very difficult for small-midsized businesses. Retailers can take advantage of recent advances taken by the, National Retail Federation which recently launched a joint commission where retailers can share information to bolster security industry-wide. The Department of Homeland Security hosts a helpful page on how to deal with cyber security issues Cyber security is such a hot issue, it’s a topic at many association trade shows and webinars these days, so take advantage of any education you can acquire from professionals.

But the truth is, even if you take every measure recommended to you, your business could still be hit by a cyber attack, exposing you to law suits from your customers, business partners, and vendors. And even if you do have insurance coverage, it may not be enough to cover all the expenses you’ll incur from a single cyber attack. Months after the event, Target can’t estimate the end cost of the attack, but says it may be close to $1 billion. Could your business cover a margin like the one Target faced?

Don’t be a Target

Take some steps to help your business avoid a cyber attack. Work with your IT department or outsource partner to understand where your business is most at risk, and take steps immediately to update, upgrade, and upmarket your business to safety. Losing money is bad, losing your customer’s trust is what closes your doors.

Next, talk with your insurance provider and find out what kind of coverage you have against cyber attacks. Consider all eventualities, and if you feel as if your business is susceptible to attacks, you may want to consider additional coverage.

We work with businesses like yours to create a safety net when you need one with captive insurance solutions. If we can help you identify a solution, please contact us.

 

Creating Opportunities with Captives

J Smith Lanier LogoJ. Smith Lanier & Co., founded in 1868, is the oldest privately held insurance brokerage in the Southeastern United States and one of the 25 largest of public and privately held insurance brokerages in the country. With 19 offices in five Southeastern states and nearly 600 associates, Lanier serves a wide variety of industries and clients including domestic, international, private, public, for-profit, non-profit, and governmental entities.

“We started working with Intuitive Captive Solutions in 2010,” says Steve Norton, Senior Vice President of Alternative Risk Financing at J. Smith Lanier & Co. “We wanted to offer leading edge and innovative enterprise risk captive products to our clients. Since that time, we have established several captives with Intuitive and have several others in the pipeline.”

Norton feels that offering captives helps to reinforce the firm’s relationships with existing clients and also helps to establish new client relationships. “We researched enterprise risk captives very thoroughly, and we scrutinized the risk pool models that are out there,” says Norton. “We found Intuitive’s model to be just that – ‘Intuitive’. It has the measures and controls in place we felt were necessary to protect our valued clients and their investments while offering real value to the captive owner.”

Keeping an eye on the captive market

Norton sees quite a bit of growth ahead for captives. As his firm continues to develop more business, clients are starting to ask more questions about captives. Norton believes there are firms out there promoting very questionable pooling facilities that are begging for a challenge by the IRS and their scrutiny is only going to increase. Intuitive’s facility has been tested and is closely monitored by their actuary and tax counsel.

“The team at Intuitive and their deliverables are very professional, thorough and well designed,” says Norton. “Intuitive is a great partner for J. Smith Lanier & Co. and we look forward to helping more of our clients achieve their financial goals with their assistance.”

Case Study – A Captive Solution for an Energy Company

Recently, we worked with a publicly traded energy production company. This “C” corporation has annual revenues of approximately $140 million and is profitable. They know that their commercial insurance program covers them for most catastrophic events, but they also realize that they have a number of self-insured risks—risks not covered by third-party insurance, and wanted to know how they might be able to cover these.

Re-evaluating insurance options

The energy company was making adjustments every year to reduce premium expenses while pushing for marginally broader coverage. Adjusting the caps on coverage amounts, deductibles, and exclusions at renewal to squeeze out additional value is an annual process. The company doesn’t buy all insurance available as they are large enough to self- insure several types of risk, and they work hard to grow the bottom line and continually look for proven ways to increase shareholder value.

With all this in mind, we worked with the energy company to review their insurance program and recommended a new captive insurance company. Upon review of the study, they instructed us to form a new captive – a domestic private insurance company – to sell selected lines of property, casualty and liability insurance to the energy company. The integrated insurance review resulted in several recommended adjustments to the existing commercial insurance program that created immediate cash savings to the company by lowering annual P&C premiums. The captive – a subsidiary of the parent – issued a supplemental commercial insurance policy to the energy company in exchange for a fully tax deductible annual premium of $1,190,000. Though this is both in addition to – and substantially more than – the annual third-party insurance premium expense, it accomplished several goals:

  • Created a profit center where there once was only unfunded self-insured risk
  • Gave the management peace of mind by broadening their enterprise risk management coverage
  • Reduced total premium dollars going to third-party insurers
  • Reduced current income taxes and created additional wealth for the shareholders

New benefits through captives

Forming the captive helped the energy company restructure its risk outlook. With the captive, they now had a new business segment with additional net profit budgeted to exceed $3 million over six years. They saw a reduction in annual third-party insurance premiums by eight percent. There was an anticipated distribution of the captive’s profits to the parent company at more favorable tax rates and the company could now be a recipient of a reinsurance payments on losses that otherwise would have been totally self-insured.

Lyons Companies and Captives: Education is Key

Lyons Companies is a risk management firm serving middle-market businesses on the east coast. Founded in Wilmington, Delaware, in 1984, Lyons has more than 55 employees. The company’s philosophy is centered on relationship building, creating proactive solutions to reduce costs and improve profits through smart risk management.

Joe Valerio, an executive vice president with Lyons, has been in the business for 17 years. At Lyons, Valerio works with clients in the non-profit and social services sector, construction, private schools and education, financial services firms, banks, and manufacturing.

Taming risk = taking control

“Risk and insurance is more than just paying premiums and getting coverage,” says Valerio, “For companies, it’s more about taking control of a situation and being able to take more risks in order to move forward.”

Lyons Companies insurance

Lyons Companies

Valerio is passionate about helping clients. “You hate to see a client leave money on the table when they can control their environment more effectively through good claims management, safety, culture, and changing the way they think,” he says, adding, “if you can get your clients to embrace that kind of thinking, you’re differentiating yourself.”

Captives are a natural for Valerio. “I’ve always gravitated toward alternative financing mechanisms,” he says, noting, “Some clients think that they’re too small for something like a captive, but it’s more of an education process, and once you show them that even if they’re smaller, they can still take advantage of an enterprise risk captive and gain more control over risk, even at their size, they’re really interested.”

“Insurance and risk management is a relationship business,” says Valerio. “At the end of the day, there are very few deliverables – you’re delivering on promises that if something bad happens, you are going to be there to make them whole again.”

Education through conversation

Valerio admits that the sales cycle on captives takes longer. “There is a lot of education involved. Most of our clients don’t necessarily think about captives because they haven’t hit that critical mass yet, he says. But when the time is right, he is glad to start the conversation, and often turns to Intuitive for help with specifics.

“There’s a lot of trust in this business, and you have to trust the people you’re working with. That’s why we like working with Intuitive,” says Valerio. “We have that feeling of trust with Intuitive, so we have no problem connecting them with our customers.”