TechAssure, the international nonprofit association of insurance and risk management experts for technology-related risks, has announced a new partnership with InsurTech company Indio. TechAssure members will gain access to Indio’s market leading software – designed to improve the client experience by eliminating redundancies, streamlining applications, and improving client/carrier communications. Read More
Chicago, IL, November 29, 2017 – TechAssure Association was named Network/Alliance of the Year by Insurance Business America Magazine (IBA) at an awards gala held at the iconic Chicago Navy Pier. Nominees for this award included trade associations with fewer than 100 members. Accepting the award on behalf of TechAssure, Executive Director Garrett Droege noted that TechAssure’s commitment to innovation and the next generation of brokers was likely a factor in the selection process. Read More
One of the challenges in designing a comprehensive cyber insurance program lies in the fact that cyber risks are not easily contained within the insurance industry’s pre-defined “boxes.” Cyber risks can affect virtually all lines of insurance, and, yet, most of these insurance policies were never designed to cover such risks. There can often be a sizable grey-area between insurance policies when trying to piece them together. One area that is particularly fraught with peril (pun intended) is cyber crime.
Theft of money has historically been addressed by a crime insurance policy. However, crime policies have historically not offered any coverage for certain cyber crimes. Two new (ISO) endorsements are now available (as of Nov 2015) and seek to address some of these issues.
We would like to thank Stuart Powell and the IIANC for allowing us to duplicate their post on these new endorsements.
Internet crime is not just about data breach losses. While data breach losses are significant and can result in considerable financial damage to businesses and individuals, the internet can be used to commit old fashioned crimes such as the theft of money. Two new ISO Crime Insurance endorsements became available in November of 2015 of which agents should take note.
Fraudulent Impersonation – CR 04 17 11 15 is designed to be used with the Commercial Crime Coverage Policy or Form. (It can also be used with the Government Crime Coverage Policy or Form.) It fills a gap between the traditional crime coverages and newer cyber or data breach coverages.
Traditional crime insurance coverages have not had an Insuring Agreement that would recognize this exposure. The endorsement addresses two groups of people who could be fraudulently impersonated, i.e., “employees” and/or “customers” and “vendors.” The exposure, however, is the same. There would be coverage if the “named insured” receives, in good faith, an instruction to transfer “money”, “securities” or “other property” from a scheduled persons described above ‘but which “transfer instruction” proves to have been fraudulently issued by an imposter without the knowledge or consent’ of the scheduled person(s).
An example of this exposure would be an email purporting to be from the scheduled person authorizing a transfer of money. The transfer is made and, later it is discovered that the email was not from the person from whom it purported to be. The endorsement is not media specific so the “transfer instruction” could be in any form, electronic or otherwise.
One obvious loss control for this type of exposure is “verification.” This would entail a confirmation of the instruction before the transfer would be made. The endorsement has three options that may be selected.
- Verification is Required For All “Transfer Instructions”
- Verification is Required For All “Transfer Instructions” in Excess of a Specific Dollar Amount
- Verification Of “Transfer Instructions” Is Not Required
The degree of verification would have an impact on underwriting and pricing.
It is not difficult to see the value that this coverage could have to a business. Not only would it provide indemnification in the event of a loss, it highlights the value of verification and the potential for loss avoidance.
Include Virtual Currency as Money – CR 25 45 11 15 is designed to incorporate virtual money into the definition of “money” for coverage purposes. This endorsement is also designed to be used with the Commercial Crime Coverage Policy or Form. (It can also be used with the Government Crime Coverage Policy or Form.)
The current ISO Crime Insurance Coverage Policy or Form has an exclusion for virtual money. This endorsement amends the exclusion to except, and therefore provide coverage for, virtual currency to the extent scheduled on the endorsement. The endorsement schedule provided the option to select Employee Theft and/or Computer and Funds Transfer Fraud Insuring Agreement. It provides for a sublimit of insurance for each of the insuring agreements and requires a declaration of the name of the virtual currency and the exchange on which the virtual money is negotiable.
The endorsement describes virtual currency to include, but is not limited to, digital currency, crypto currency, or any type of electronic currency. An example of this type of currency would be “bitcoin.” Wikipedic refers to bitcoin as a “digital asset.” It is a peer-to-peer internet exchange of value. It does not require a governmental medium of exchange such as a central bank currency. Some use the term crypto currency. Bitcoin is a unit of value held in an account which can also be used to purchase item much like a debit card.
Since the value of a bitcoin is not backed by a governmental central bank, the determination of its value is not the subject of public exchange rates. Therefore, the endorsement requires the exchange to be used for valuation in the event of a loss be scheduled on the endorsement.
Both of these endorsements indicate an incremental movement towards addressing cyber exposures beyond data breach that are emerging from the “internet of things.” Stay tuned for there is surely more to come.
Post Originally Appeared on IIANC’s Blog. Reproduced with Author’s Permission.
Stuart Powell, CPCU, CIC, CLU, ARM, ChFC, AAI, ARe, CRIS, has over 40 years experience in the industry, both as an independent agent and as IIANC’s resident insurance guru for the last 20 years. A valuable resource for IIANC members providing technical information, Stuart is well-known across the country for his vast insurance knowledge. He regularly teaches for numerous insurance organizations and is on the national faculty for the Society of Certified Insurance Counselors.
Questions? Contact Stuart at email@example.com or 888-275-8914.
Washington, DC – After the United States House of Representatives approved the reauthorization of the Terrorism Risk Insurance Program (TRIA) on December 10th, the bill died in the Senate last night (December 16th, 2014) after soon-to-retire Oklahoma Senator Tom Coburn blocked the legislation from being called for a vote. Without renewal, the existing legislation expires on December 31st, 2014.
TRIA was enacted after the 9/11 attacks on New York City, which resulted in a majority of insurers declining to write coverage on buildings in NY due to the threat of future attacks. The bill, similar to Flood Insurance through FEMA, provides governmental assistance on systemic, multi-industry losses – in TRIA’s case: terrorism-related.
Coburn’s opposition to the bill stems from a new provision that would require insurance agents and brokers to register with a newly-formed body, the National Association of Registered Agents and Brokers Reform Act (NARAB).
The Property Casualty Insurers of America (PCI) issued the following statement today, expressing concern and disappointment in the bill’s defeat:
It is unconscionable that the U.S. Senate would adjourn without finishing their job and reauthorizing a long-term Terrorism Risk Insurance Act (TRIA) when the threat of a terrorist attack against the United States is at the highest level it has been in a decade,” said David A. Sampson, PCI’s president and CEO. “TRIA plays a vital role in our national economic security. If a massive attack occurs before TRIA is reauthorized, there could be no terrorism insurance coverage or taxpayer protection. PCI is profoundly disappointed by the dysfunction in Washington and we urge the next Congress to address a long-term reauthorization of TRIA immediately when they convene in January.
Without TRIA’s backstop support, fears are wide-ranging throughout the insurance industry that insurers could face insolvency without the legislation, should a terrorist attack occur.
Even with the bill passing, many within the insurance industry are concerned with whether the legislation would address cyber terrorism or not. The bill makes no mention of “cyber,” which leaves a great deal of ambiguity. More on that HERE.
A successful Initial Public Offering offers a sense of pride for a firm. Watching your publicly traded company’s symbol flash across the ticker is an elevating experience. But what additional risks does your company face after an IPO?
Changing from a private to public company status will have additional risks that your organization may need to be aware of and it is important to develop a solid risk management strategy that can help your company adapt successfully after an IPO.
Accountability and scrutiny must be taken into account after a company goes public. The amount of exposure involved with an IPO is enormous and senior management must adjust to their new risk profile.
A successful IPO extends your reach from initial investor interest to public stakeholders. Investors and stakeholders must feel confident in your strategic plan and your ability to manage a wide range of risks. In addition, those firms experienced in turning risk into opportunity will be rewarded. Remember your company is now comprised of public as well as private funding and with great power comes great responsibility. Sound strategies for nurturing investor and stakeholder confidence are essential for an IPO’s success.
Here are 5 tips on transitioning your risk management program, as you move from private to public company status.
- Start from the top: Your board needs to be in position for successful development of a risk management strategy. Encourage your CFO and your CRO to work in conjunction. Compliance between these positions will successfully build the necessary framework for risk avoidance. This in turn, will set the pace for senior management strategy planning.
- Set the stage for effective and robust board governance: Your board governance will need to adapt to your new planning techniques. Since investors are watching more closely, it is time for your board to shine. Make sure you have key players in place that have versatile talents which will enhance rich governance techniques.
- No alarms and no surprises: The public market hates surprises. Surprising your investors can cause alarm which will affect confidence. New ideas and strategies should be carefully vetted. This will ensure that new product launches goes smoothly. Make a practice of including risk management in all of your core business unit discussions.
- Stay ahead of regulation: Regulations are constantly impacting the market. After an IPO — stay ahead of the curve as much as possible. Keep you investors informed about these changes and share your plans for compliance. This lets investors know your board is effectively keeping your firm on track.
- Stop watching everyone else: During the immediate period after an IPO, focus on understanding your unique risk profile and building mitigation strategies to manage the risks. This will provide a solid platform for discussing “risk” with public shareholders.
Adjusting your insurance and risk management program as your firm goes from private to public is important. Contact a TechAssure Association member to learn more about the support they can provide as your build your risk management program.