data security image

Liability for Data and Privacy Breaches

Reporting on statistics released by the Identity Theft Resource Center (ITRC), noted that there have been 368 data breaches reported so far this year to the center – 46.5% of them at healthcare and medical companies. Business and government made up the bulk of the remaining breaches.

What is a data breach, and how does it happen?

We keep hearing the term data breach, but what does it mean, exactly? The ITRC’s definition of a data breach follows U.S. Federal guidelines – a breach is a situation in which the mix of personal information accessed can compromise an individual. The theft of Social Security numbers, medical information, email addresses and passwords all fall under this umbrella.

Most of us also think of a group of hackers working in a dark room somewhere in a remote country, but data is exposed in many ways – and sometimes it’s our own fault. A good primer on the topic is provided by the MIT Information Systems and Technology Department. Theft, notes MIT, is one of the main ways that criminals access personal information over computer networks, but MITnotes that loss of media can lead to a data breach – and anything from a lost iPhone to hard drives, and tapes can be the culprit. In fact, MIT reports that one in four breaches at universities are caused by theft.

Neglect and insecure practices can easily lead to the loss of sensitive data. Do you know how data is stored and secured at your workplace? How about wireless network practices, or document shredding? How do you swipe hard drives and recycle computer equipment at your company when old computers and laptops are retired?

Liability laws are changing

There are hundreds of ways hackers can get into your business, into your data, and exploit your information. It is very cumbersome and expensive to hire the right firms to oversee all your systems, and manage them on an ongoing basis.

But it may be more costly to avoid doing everything in your power to protect yourself against a data breach. A recent Forrester Brief, Legal Costs in a Customer Data Breach now Pack a Bigger Punch, provides an overview of a case in which two laptops were stolen from AvMed’s corporate headquarters. The result was the exposure of 1.2 million customer records, and a class action legal battle that is “setting new precedents for monetary reimbursement for breach victims.”

In the future, the onus will be on companies to securely accept, track, monitor, and retire data. It’s a big job, and there is almost no way that your defenses can be 100 percent secure.

On the open market, data and privacy coverage can assist with some of the issues brought on by a data breach, but as consumer awareness rises and laws are updated, you’ll need to stay on top of your coverage – you never know when a senior IT exec might accidently leave his tablet on a plane, or when an angry employee will steal the wrong file.

Check out the coverage you have available, and contact us if we can help you arrange coverage through a captive.

Robert Adler

Product Recall and your Liability

Consider some of the biggest product recalls of recent years – baby formula laced with deadly Melamine, peanut butter tainted with salmonella, and Firestone’s faulty tires, not to mention more recent problems with Chinese beef and California fruit. These are massive, high-visibility cases outlined in Time magazine roundup, but look no further than the Consumer Product Safety Commission  for a list of recent recalls and read through the many types of violations that can spark a recall, and you’ll see just how many ways your company could be impacted by a single faulty product.

Eleven statues govern product safety in the U.S., and also impact what can be imported into the U.S. Still more regulations and laws protect consumers against “unreasonable risks of injury or death” from consumer products in categories that include everything from sports equipment to almost anything in the home, to fireworks and other flammables.

Ultimately, you’re responsible

If you’re a manufacturer of almost any kind of product, or if you process food, you are ultimately responsible for your product in the marketplace, from the smallest part to the product’s overall long-term performance. If a product you manufacture is recalled, you’ll immediately experience a series of problems:

  • You have to pull the product from shelves, accept returns from consumers, and find a way to either repair or destroy the product so it can cause no additional harm.
  • A lawsuit, or a series of them, will surely ensue, and you’ll need to enlist help from outside counsel to see your way through the suits.
  • You’ll need very good public relations representation quickly. Develop a plan with professionals and take their advice on what to do and say moving forward.
  • Fixing the initial problem may also become an issue. Whatever it was that caused your product to be recalled in the first place will have to be identified, dealt with, inspected, and OK’d before you can move forward with production.
  • Once you’ve fixed the initial problem, you’ll face the uphill battle of regaining trust with your salespeople, your clients, and consumers.

Covering costs during a recall

Having responses in place, ready to enact, if you ever face a product recall is critical. If you’ve thought through an action plan – good for you. Now consider the cost to your company if a product recall should ever occur. Legal fees, added public relations and marketing expenses, production and cleanup are just a few of the extra expenses you’ll face. Be sure you have enough cash in the slush fund to deal with a recall, or take a good look at the insurance that you carry for product recall and liability.

If you’re not comfortable with your coverage, and you think your exposure merits more coverage than you can purchase on the market, consider a captive. By creating captive insurance, you can create the kind of coverage you need in case of a product recall, and because you own the captive, you’ll be able to quickly access your coverage. If you have questions about how captives work, feel free to contact us.

photo credit: fred_v via photopin cc

Pilot Flying J

Flying the Coop – When Rogue Employees Leave you Liable

It’s nearing the end of the fiscal quarter, and your salespeople are trying to make their quotas in order to get their bonuses. They’re out in the field selling, but just to hedge their bets, they commit a sin of omission by not mentioning the discounts and rebates that your company typically gives to clients.

This is an overly simplistic version of what happened recently at Pilot Travel Centers LLC, better known as Pilot Flying J, a company that operates about 650 truck stops in the U.S. Flying J is one of the country’s largest privately-held companies — you may recognize the name of their CEO, Jimmy Haslam, as the owner of the Cleveland Browns.

The case against Flying J

The Justice Department’s investigation is long and involved, but lays out a case that Flying J employees and supervisors committed fraud by reducing the amount of diesel fuel price discounts to which Flying J customers were entitled. Employees were charged under mail and wire fraud federal guidelines.

The Justice Department entered into a Criminal Enforcement Agreement with Flying J so that the company can resolve its criminal liability. Under the agreement, Flying J is to pay full restitution to victims, and must also pay a $92 million penalty. An investigation into Flying J’s practices is ongoing, so this could be the tip of the iceberg for the Knoxville, Tennessee-based company.

Numbers like this make a quarterly bonus seem trivial, but when employees are under stress to perform, and supervisors are answering to higher-ups about the bottom line, it’s sometimes easy to see how cutting a few corners can quickly get out of control.

Could it happen at your company?

Nobody likes to think, this could happen at my company – in fact, most of us work pretty hard to ensure that best practices are in place in all departments – but the truth is, a few employees operating under their own set of guidelines could put your company at risk for huge liability.

It’s critical to maintain a close eye on all departments, and put checks and balances in place throughout your organization to hold managers accountable for their departments, and also to get frequent reporting on how employees are doing. At the same time, work with your legal and HR teams to make sure proper channels are in place so that when something goes wrong, a whistle blower is heard or a red flag is seen.

And finally, be sure you’re covered if something does go awry. Companies dealing with even a small scandal a tenth the size of what Flying J is going through will face legal fees, public relations costs, lost sales, employee suits, and more. When traditional liability coverage isn’t enough, consider an enterprise risk captive as a way to cover your company.

If we can provide any information, feel free to contact us.

Kelso founder of eemployee stock ownership plans image

ESOPs Fables

Employee Stock Ownership Plans, also known as ESOPs, were the brainchild of a lawyer and economist from San Francisco, Louis O. Kelso, who believed that selling his company to employees was the best way to ensure its future. In 1956, Kelso created the first ESOP and his employees became owners of Peninsula Newspapers.

ESOPs are a way for a company to provide employees with ESOP shares which are held in trust until the employees leave the company or retire, at which point the shares are sold, and the employee is paid for his or her investment. ESOPs are designed to provide an incentive for employees to stay with the company long-term and to foster a sense of ownership for employees while maintaining a strong financial foundation for the company. For a thorough explanation of ESOPs, visit the National Center for Employee Ownership (NCEO) website.

ESOPS under scrutiny

ESOPs took a while to catch on, but now they are very popular. According to the NCEO, as of 2010, approximately 28 percent of Americans owned employer stock through ESOPs, and that number continues to grow as companies add ESOPs to their employee offering. But as their popularity increases, so do complaints about how ESOPs are run. A spate of lawsuits recently allege that outside appraisers are overvaluing companies and misleading employees about their stake in the company. It’s also alleged that some companies are not communicating key issues to their employees about what’s going on in the company that may impact the company’s value. Employees who rely on the ESOP as a key aspect of their retirement have been left with nothing in some cases.

Labor Secretary Thomas Perez recently likened current valuation practices to the real estate bubble era. His agency and others are currently looking at ways to tighten rules around ESOPs and their valuation. The hope is to design new guidelines for outside appraisers who value the companies while developing new rules to govern how employees get information about the value of their stock. The goal: To put the interests of workers first.

Looking out for the employee

The Wall Street Journal outlined a few recent cases in which companies have truly mislead their employees about the stock price. Employees wound up with little or in some cases no value for their investment – and a very poor outlook for retirement.

Many groups are vulnerable while these practices continue. Certainly, firms that value ESOPs need to set very good standards for their employees – and definite consequences for appraisers who don’t uphold the standards. Companies need to take the idea of employee ownership very seriously, and work hard to live up to the aspirations of an employee-owned company that Kelso envisioned when he first came up with the idea, communicating the good and bad news to employees about their stock so that employees can make educated decisions about how to invest.

While we’re all still operating on the idea of trust rather than a set of federal guidelines on these issues, it’s a good idea to consider if your company is at risk. Companies that operate ESOPs should take a second look at the firms they work with for valuation and make sure they’re above-board, but also consider purchasing fiduciary liability coverage in case there is a law suit about the company’s valuation. And certainly any company that’s providing appraisals should be aware of the exposure they’re facing right now, paying attention to new developments in the industry and in regulations, and making sure they’re covered for any liabilities in the meantime.

If we can help you work through some of these issues, please contact us.

department of defense image

New Developments in Cyber Security Liability

The U.S. Senate Intelligence Committee is working on a bill that would help private companies deal with cyber threats by encouraging communication and information-sharing, reports Reuters. The program would be overseen by the Department of Homeland Security, who would collect cyber data from companies who agree to become part of the network. In exchange, the companies would share in liability protections. This bill has had trouble passing so far, but in light of recent cyber attacks, it represents some much-needed thinking on the subject of cyber security.

2013 – The Year of the Cyber Attack

2013 might be remembered in history as the Year of the Cyber Attack. Retailers were hit particularly hard. Neiman Marcus, Michaels, and most notably Target were the victims of malware attacks that pulled personal data – including credit card numbers, user names and even personal identification numbers (PIN) from customer databases. Investigations by the Justice Department urged a new national standard for reporting cyber attacks, Homeland Security, and the Secret Service were involved in uncovering various breaches, and the FBI warns that more attacks are inevitable.

Target, however, seemed to suffer the most from the attacks. Reuters reported that Target sales and traffic fell sharply at the end of 2013, the company faced  $61 million in costs related to the breach (44 million was offset by insurance) and in March of 2014, Standard & Poor’s (S&P) downgraded Target Corp. (TGT), by one level to “A” from “A+”, according to In early May, Target CEO Gregg Steinhafel resigned.

Cyber attackers aren’t just out for the big boys

The Small Business Administration offers a tipsheet citing a series of statistics on how vulnerable small businesses are to cyber attacks. From website tampering to data theft, businesses that aren’t protected are easy targets. In fact, third-party vendors that have access to larger company’s computer systems are an easy way for hackers and malware to move up the chain from one business to the next.

The best way to protect yourself from hackers? It’s very difficult for small-midsized businesses. Retailers can take advantage of recent advances taken by the, National Retail Federation which recently launched a joint commission where retailers can share information to bolster security industry-wide. The Department of Homeland Security hosts a helpful page on how to deal with cyber security issues Cyber security is such a hot issue, it’s a topic at many association trade shows and webinars these days, so take advantage of any education you can acquire from professionals.

But the truth is, even if you take every measure recommended to you, your business could still be hit by a cyber attack, exposing you to law suits from your customers, business partners, and vendors. And even if you do have insurance coverage, it may not be enough to cover all the expenses you’ll incur from a single cyber attack. Months after the event, Target can’t estimate the end cost of the attack, but says it may be close to $1 billion. Could your business cover a margin like the one Target faced?

Don’t be a Target

Take some steps to help your business avoid a cyber attack. Work with your IT department or outsource partner to understand where your business is most at risk, and take steps immediately to update, upgrade, and upmarket your business to safety. Losing money is bad, losing your customer’s trust is what closes your doors.

Next, talk with your insurance provider and find out what kind of coverage you have against cyber attacks. Consider all eventualities, and if you feel as if your business is susceptible to attacks, you may want to consider additional coverage.

We work with businesses like yours to create a safety net when you need one with captive insurance solutions. If we can help you identify a solution, please contact us.


Case Study – A Captive Solution for an Energy Company

Recently, we worked with a publicly traded energy production company. This “C” corporation has annual revenues of approximately $140 million and is profitable. They know that their commercial insurance program covers them for most catastrophic events, but they also realize that they have a number of self-insured risks—risks not covered by third-party insurance, and wanted to know how they might be able to cover these.

Re-evaluating insurance options

The energy company was making adjustments every year to reduce premium expenses while pushing for marginally broader coverage. Adjusting the caps on coverage amounts, deductibles, and exclusions at renewal to squeeze out additional value is an annual process. The company doesn’t buy all insurance available as they are large enough to self- insure several types of risk, and they work hard to grow the bottom line and continually look for proven ways to increase shareholder value.

With all this in mind, we worked with the energy company to review their insurance program and recommended a new captive insurance company. Upon review of the study, they instructed us to form a new captive – a domestic private insurance company – to sell selected lines of property, casualty and liability insurance to the energy company. The integrated insurance review resulted in several recommended adjustments to the existing commercial insurance program that created immediate cash savings to the company by lowering annual P&C premiums. The captive – a subsidiary of the parent – issued a supplemental commercial insurance policy to the energy company in exchange for a fully tax deductible annual premium of $1,190,000. Though this is both in addition to – and substantially more than – the annual third-party insurance premium expense, it accomplished several goals:

  • Created a profit center where there once was only unfunded self-insured risk
  • Gave the management peace of mind by broadening their enterprise risk management coverage
  • Reduced total premium dollars going to third-party insurers
  • Reduced current income taxes and created additional wealth for the shareholders

New benefits through captives

Forming the captive helped the energy company restructure its risk outlook. With the captive, they now had a new business segment with additional net profit budgeted to exceed $3 million over six years. They saw a reduction in annual third-party insurance premiums by eight percent. There was an anticipated distribution of the captive’s profits to the parent company at more favorable tax rates and the company could now be a recipient of a reinsurance payments on losses that otherwise would have been totally self-insured.

Captive Case Study – Auto Dealerships | Intuitive Captive Solutions


The Situation

Our client is an auto dealership group with multiple brand dealerships. Their operations have expanded steadily due to successful operations over the past 30 years.

The Challenges

The group’s expansion has magnified risks in a number of ways. They’re now exposed to risks that are not currently insured in the third-party marketplace. The commercial insurance market is experiencing price increases and tightening capacity for perils such as directors & officers liability and environmental liability. Increased annual revenues have made the exposure to non-insured risks – like financial guarantees for floor plan – more pronounced. At the same time, new threats emerge regularly that require more coverage, including cyber liability and employment practices issues.

The Solution

The auto dealership group engaged Intuitive Captive Solutions to prepare a feasibility study to review their organizational structure, insurance program, loan documents, and personal guarantees. The study resulted in the identification and quantification of several new personal liability risks and adjustments to the existing commercial insurance program that offset the tightening insurance market conditions. Upon review of the study, the group instructed Intuitive Captive Solutions to form three new 831(b) captives – domestic private insurance companies – to insure selected property, casualty, and personal liability risks.

The captives – controlled by the owners – issued three supplemental commercial insurance policies to the company in exchange for combined fully tax deductible annual premiums in excess of $2,100,000. Though this is in addition to the annual third-party insurance premium expenses the company currently pays, it accomplished several goals:

  • Created a profit center to cover previously unfunded self-insured risk.
  • Gave the owners peace of mind by broadening their insurance coverage.
  • Offset premium dollars going to third-party insurers.
  • Reduced current income tax obligations and created potential additional wealth for the owners and their families.

The Benefits

Three new businesses with additional net profits were formed. The captives resulted in a reduction in current income taxes to the owners of more than $825,000, and also provide an anticipated distribution of the captives’ profits to owners at more favorable tax rates. The auto dealership group is already in receipt of a reinsurance payment on a loss that otherwise would have been totally self-insured.

If we can help you with similar coverages through an 831(b) captive, please contact us.

longboat key

Captive Case Study – Real Estate

The Situation

Our client is a real estate investment and property management company serving self-managed private equity funds and investment partners.  Following a decade of no or minimal revenue growth, the multifamily industry appears to be in a healthy recovery phase.

The Challenges

While they recover, the company is still impacted by capitalization rates that are being driven to historically low levels resulting from unsustainably low interest rates.The commercial insurance market is seeing price increases and tightening capacity for perils such as wind damage. Additionally, multifamily loan documents introduced in 2011 by Fannie Mae materially expand the risk of recourse exposure to borrowers and loan guarantors. The company is also exposed to additional personal liability risks, which have increased substantially.

One Solution

The client engaged Intuitive Captive Solutions (Intuitive) to prepare a feasibility study to review their organizational structure, insurance program, loan documents, and personal guarantees. The study resulted in the identification and quantification of several new personal liability risks and adjustments to the existing commercial insurance program that offset the tightening insurance market conditions. Upon review of the study, they instructed Intuitive to form a new 831(b) captive – a domestic private insurance company – to insure selected property, casualty, and personal liability risks.

The captive – controlled by the owners of the real estate investment company – issued a supplemental commercial insurance policy to the company in exchange for a fully tax deductible annual premium of $1,190,000. Though this is in addition to the company’s annual third-party insurance premium expense, it accomplished several goals:

  • Created a profit center to cover previously unfunded self-insured risk.
  • Gave the owners peace of mind by broadening their insurance coverage.
  • Offset premium dollars going to third-party insurers.
  • Reduced current income tax obligations and created potential additional wealth for the owners and their families.

The Benefits

Now, the company has a new business with additional net profit budgeted to exceed $3 million over six years. Forming the captive created a reduction in current income taxes to the owners of nearly $475,000 and there is an anticipated distribution of the captive’s profits to its owners at more favorable tax rates. The company may also be a recipient of reinsurance payments on losses that otherwise would have been totally self-insured.

Find out more about how we can help you restructure your risk in this changing market. Contact us.

1099 or 12 image Lowe's

W-2 or 1099 – You’d Better Have your Answer Handy

Many employers have trouble understanding the difference between a contract employee and a payroll employee. The definitions are outlined in this article, Form 1099-MISC & Independent Contractors published by the IRS, which opens by admitting how complex the issue is. Many employers think a 1099 employee is a part-time employee, or an employee who works occasionally or seasonally. In reality, the central difference between a 1099 and payroll employee is who controls how the worker performs his or her services. At stake for the employer is a good deal of savings on payroll fees and taxes if the employee can be classified as a contractor.At stake for the worker are important benefits and employment perks – such as worker’s compensation coverage.

Compensating for high’s and Lowe’s

A class action lawsuit brought by roughly 4,029 installers and 949 installation companies argues that Lowe’s supplied the materials and the place of work for the installers, and that Lowe’s “had the right to control the performance of the installers’ work.”  The workers who contract with Lowe’s charge that they are being miscategorized as contractors under California law – the suit was filed in U.S. District Court in Oakland. While Lowe’s strongly denies the allegations, they have offered a $6.5 million settlement.

The letter of the law

The IRS’s definition of contractors is, indeed, a head-scratcher, leaving all kinds of companies open to interpretation of their employment policies, and potentially to the type of suit that Lowe’s faced. This is not just a question for the contracting industry. Tech companies and big corporations have 1099 employees seated in assigned desks, working hours dictated by the company, in clear violation of the spirit of the IRS’s definition. On the other hand, there are plenty of companies who diligently establish corporate policies about the differences between payroll and contract employees who may be just as vulnerable.

Companies that get stuck in a regulatory defense suit in an area this murky and grey might be forced to settle. Consider what might be at stake – legal fees, a class action settlement, and a fundamental shift in how your workforce is structured – and work with your legal team now to do the best possible job of achieving compliance, but back up your decisions with enough coverage to be able to withstand a suit if it were filed. Captive insurance was designed to meet challenges like this one. If we can help you structure a Captive, please contact us.

spencer RIMS Risk Management Challenge logo

What do kids know about risk?

If you spend any time at all around kids, you’ve probably scratched your head, as I have, asking yourself, “what can these kids possibly understand about risk?” Watching little ones ski down a hill at terrifying speeds or eavesdropping on teenagers as they talk about their weekend antics, the idea of risk must seem very remote and implausible to them.

That’s why we were so glad to hear about the Spencer-RIMS Risk Management Challenge. Sponsored by the Risk & Insurance Management Society, Inc., along with the Spencer Educational Foundation, Inc., the competition challenges college students to work in teams to develop a program that addresses issues laid out in a risk management case study. This year, their challenge was focused around Snap-on Inc.

Risky business

Fifteen teams competed, and the best and the brightest teams were invited to the RIMS conference in our home town of Denver, Colorado, to present their case this past spring. The teams presented in front of an audience of 100 risk management professionals, and also had an opportunity to meet and mingle with risk management professionals during the conference.

The team from Temple University’s Fox School of Business took first prize — $4,000 – for the second year in a row.  Teams from Florida State and Virginia Commonwealth were awarded second and third place, respectively.

An updated approach to teaching risk management

It’s interesting to see how business schools are approaching the idea of risk management. They’re building specific curriculums to help guide college students directly into the marketplace when they receive their undergraduate degrees. For example, the team from Temple were studying in the Risk, Insurance and Healthcare Management department in the business school. The RIMS Risk Management Challenge was a great way for the teams to apply what they’re learning in an academic setting to a real-world situation. Exactly the kind of experience you hope a recent college graduate will have as they launch out into the job market.

We look forward to next year’s competition, and hope we can get involved on some level to help kids get a better idea about risk.