- ACE Buys CHUBB GROUP
- Top Risk Management Story - What Boston, New Town & Aurora Theatre Have in Common
- FAST FACTS NEWSLETTER - Spring/Fall 2013
- Colorado Shooting Lawsuits
- The Next Level of Risk Management
- How Well Do You Know Your Coverage
- What You Need To Know About Reputational Risk
© Novick Group
Aurora, CO Update
In the wake of the mass shooting last July, a number of lawsuits were brought against theater owner, Cinemark USA, alleging a failure to provide adequate security and responsibility for the bodily injury and deaths that resulted from the mass shooting. Not surprisingly, Cinemark filed a motion to dismiss the lawsuits. The logical (not necessarily legal) premise of their motion was that the actions of the gunman could not have been foreseen and that the theater was not negligent. Last week, a federal judge in Denver ruled that the lawsuits brought by the victims and families of those killed can proceed. In rejecting the Cinemark motion, U.S. District Judge R. Brooke Jackson wrote,
“I suspect that many people, despite overwhelming sympathy and grief for the victims of the Aurora theater shootings, might upon hearing about these lawsuits have had reactions like, “How could a theater be expected to prevent something like this?” I confess that I am one of those people.
…of course…the issues of liability and damages are for the jury.”
Bringing together groups of people in public and private space is essential for many associations. The implications for nonprofit organizations should be clear. While the litigation faced by Cinemark arises from their ownership of the property at the time of the shooting, such risk is typically transferred via contract to associations during their use and occupancy of the premises.
Tragedy Upon Tragedy
Sadly, the explosion on April 15th of two bombs near the finish line of the Boston Marathon is just the most recent in a string of violent incidents over the past year. In this instance, a nonprofit organization involved in an activity not unlike those held by many associations will, like Cinemark, be the subject of litigation which calls into question a responsibility for public safety that rises far above any previously recognized threshold of care. The role and ultimate burden of the event organizer, the Boston Athletic Association, will be closely watched by insurance, risk management and legal observers and of course by nonprofit executives.
Finding Legal Liability May Take Years
The facts and circumstances of the Aurora shootings are different than those in the assault on a Wisconsin Sikh Temple the following month, or the unspeakable tragedy at Sandy Hook Elementary School last December or the bombings in Boston last week. In each instance the allocation of responsibility - i.e., legal liability - will be the result of long, complex, emotional and costly litigation.
In each case, legal liability will turn on many things, not least the interpretation of state laws, and in the case of the Boston bombing, federal statutes. In the Colorado case for instance, Judge Jackson dismissed a claim of negligence but allowed the lawsuits to go forward under the Colorado Premises Liability Act.
Understanding Insurance Coverage in Real Time
While a final determination of legal liability in any of the above may take years, the matter of insurance coverage must be understood by insured associations in real time. Can general liability policies of the type maintained by most associations be relied upon to defend against claims of the kind faced by Cinemark and likely to be faced by the Sikh Temple, Newtown Public School District and Boston Athletic Association? In general, the answer is yes*. The obligation of the carrier under the standard Commercial General Liability policy form is to…
…pay those sums that the insured becomes legally obligated to pay as damages because of “bodily injury” or “property damage” to which this insurance applies. We will have the right and duty to defend against any “suit” seeking those damages.
CG 00 01 12 07
The insuring agreement is understood to establish the twin duties of the carrier: pay damages and defend. Of great significance to every policy holder especially under current circumstances is that the duty of the carrier to defend is more expansive than the duty to pay damages. The obligation of the carrier to tender a defense is said to be triggered when a suit seeking damages (which are presumptively covered under the policy) is asserted against the insured.
While the obligation of the carrier to defend in these circumstances may be reasonably expected, the obligation to pay damages is another matter. While the mere assertion of negligence or a related legal theory may be all that is necessary to trigger the defense obligation of the carrier, an adjudicated finding of wrongdoing that is covered under the policy is needed in order for damages to be payable. If a successful claim (i.e., a finding in favor of the plaintiff) would not result in an obligation to pay damages under the policy because the alleged wrongdoing is not covered, then the carrier owes no duty to defend.
* If the Secretary of The Treasury certifies, as required under TRIA, that the Boston bombing was an act of terrorism BAA would have had to elect and pay for the TRIA option in order for coverage to apply.
Contractual Assumption of Risk – Greater Caution Is Essential
The contractual assumption of risk is a commonplace event for most associations. Leases, licenses, joint ventures, publishing agreements, service agreements - all may be expected to contain allocation of risk provisions which are often unfavorable from the perspective of the association.
The assignment of risk from property owner to tenant under a lease or license agreement (i.e., a contractual risk transfer) has always been among the biggest exposures to high dollar liability faced by nonprofit organizations. Not only do most such agreements transfer effectively all risk to the tenant, the obligation to hold harmless and indemnify the property owner is also undertaken. Regardless of whether the property owner is included as an additional insured, the contractual assumption of risk by the insured (association) is not necessarily covered under the CGL.
Interest in the Cinemark litigation is high among risk managers for obvious reasons. Should the theater be found legally liable, the question of risk transfer to a short term user such as an association has enormous implications for nonprofit risk management planning. Similarly, does the routine assumption of risk required by most municipal governments now create an even greater threshold of exposure for special event planners? Could the Boston Athletic Association, sponsor of the marathon, be held responsible for the deaths and injuries? From the premise that waivers signed by marathon participants could be useful to the BAA in limiting claims, is separate risk management planning now necessary for non-participant observers?
Should General Liability Limits Be Increased? How Much Is Enough?
Perhaps the holy grail of risk management planning for any organization is an understanding of how an evolving risk environment correlates with selected risk management techniques. In the context of insurance, how should association execs synthesize the available information into objective understanding and let that guide decision making?
While it seems clear that the scale of potential exposure has gone up, it is not at all clear what impact this should have on the thinking of any given association with respect to the adequacy of existing coverage. With so many “moving parts” it is not possible to make a blanket statement about the rationale for increasing current limits of general liability (except for budgetary constraints we would not recommend any reduction of limits) at this time.
We have written much over the past decade about the Terrorism Risk Insurance Act of 2002 (TRIA and the subsequent revisions & extensions) and the significance of terrorism coverage in various association P&C policies. Thankfully, and to the great credit of our government and the many thousands of individuals involved with Homeland Security, it has been more than a decade since we wrote of an act of terrorism.
TRIA (currently TRIPRA – Terrorism Risk Insurance Program Reauthorization Act 2007) is the acronym used by most people to refer to legislation passed by congress and signed into law by President Bush in the wake of 9/11. TRIA authorizes the US government to provide a financial insurance backstop for certified acts of terrorism. An act of terrorism must be certified by the Secretary of the Treasury in concurrence with the Attorney General of the US and the Secretary of State. The basis for the legislation is the recognition that an act of terrorism is directed at the United States even though businesses and individuals may be targeted and harmed.
Most association execs recognize TRIA as an option associated with Event Cancellation Insurance. In fact the option to select TRIA is mandated to be included as part of substantially all commercial property & casualty insurance purchases. The most notable exception will be Worker Compensation since most jurisdictions do not permit an exclusion for workplace illness or injury due to terrorism. As this memo is being written it is unknown whether the bombings at the conclusion of the Boston Marathon will fall within the scope of the definition of terrorism as it appears in the original TRIA statute and subsequent extensions.
© 2013 Novick Group
© Novick Group
The owner of the Aurora, Colorado theater site of a deadly mass shooting this summer faces numerous lawsuits brought by victims and survivors. Not surprisingly, Cinemark seeks to have the lawsuits dismissed arguing, in effect, that a duty to have foreseen the criminal conduct of someone entirely disassociated with theater operations and the burden to have taken steps to prevent the tragedy “fails as a matter of law”.
While the facts and circumstances here are unique and do not involve any association directly, we believe this to be of great interest to associations. Associations, more than most other types of business, enter into contracts for the temporary and limited use of premises over which they have little to no direct control. Almost without exception, such agreements contain assignment of risk provisions known as indemnification and hold harmless that burden the association to a contractual assumption of risk unless the venue is found guilty of gross negligence or willful misconduct.
It is not so farfetched to imagine a scenario whereby an association held event is the scene of such random tragedy. The burden of defending itself, as well as a venue which invokes the contractual obligation to indemnify, would be extraordinary and beyond the scope of most association liability policies. While higher liability limits may be a part of the solution, greater attention to contractual risk allocations is every association’s primary risk management tool. Please click here to read more information regarding Indemnification and Hold Harmless Provisions and Insurance & Contractual Considerations.
© 2012 Novick Group
Crises Management & Contingency Planning
...The Next Level of Risk Management
© Novick Group
In the moments after the 5.8 earthquake this past August - when most of us in the office were clueless as to what had just happened or how to react, our two California employees were already under their desks. According to Guy Sheetz, CFO at the Futures Industry Association, “That’s the way it is with unexpected disasters…unless you know what to do…you don’t know what to do.”
This simple truth applies to every business – not just associations. When it comes to nonprofit operations however many volunteer leaders associate risk management almost entirely with insurance. But insurance is just a subset of risk management – one of many techniques available for your organization to reduce the frequency of disruptive events and to mitigate the severity of loss when claims happen.
A more comprehensive approach to risk management requires the engagement of all stakeholders not least those serving at the highest leadership tier. The responsibility to protect the entity is among the essential elements of fiduciary duty, owed by officers and directors of both nonprofit and for profit boards alike.
Everyday Risk Management
Your association employs a variety of risk management techniques many of which take place outside the gaze of volunteer leaders. Activities such as backing up data, adhering to accounting controls or performing pre-employment background checks are examples of effective and relatively inexpensive non-insurance risk management techniques used by many associations.
And of course there’s insurance. Some types of insurance, worker compensation for example, may be required by law. Other types of coverage such as property or general liability may not be required as a matter of law although they may be required by contract as in the case of a lienholder (property) or landlord (general liability). If it’s not required why is insurance so essential to our personal and business lives? Because at the most basic level the concept of insurance as a safety net is almost intrinsic. Of the many options available, the transfer of risk to a third party in consideration for money (an insurance premium) is perhaps the most recognizable risk management technique - even if the policy terms are not well understood. To be clear…the issue isn’t that there is too much insurance (that may or may not be true). The problem is there is too much reliance on insurance! When it comes to insurance safeguards little is known but much is presumed (“…of course were covered that’s what we’ve got insurance for…).
Everyday Risk Management…Is That All There Is?
Whether the issues involve insurance or non-insurance risk management, most experts agree that the first stages of planning should focus on reasonably foreseeable loss scenarios. Fortunately there are many resources that can help associations identify those loss scenarios both in terms of frequency and severity. The next level of risk management is more challenging, more time consuming and more complex - but no less important.
The Next Level of Risk Management
Unlike risk management as it is practiced in so many organizations, this next level isn’t an annual exercise that concludes with a policy renewal or that can be delegated to someone without any training or experience in risk management (as insurance often is).
Manmade or Natural Disaster – Bad Things Do Happen
During a recent visit Bob Mellinger, president of Attainium Corporation, looked out my office window at the Metrorail and commercial railroad tracks less than 200 feet away. Referring to the worst accident in the history of the DC metro rail system, he asked, “What impact would it have on your business if the crash had taken place under your window here in Rockville instead of Fort Totten?” I’ve never thought about that and I’m someone who sees much of the world through a risk management filter.
The Federal Emergency Management Agency has declared 91 major disaster declarations by mid November 2011. From mudslides, snow storms, tornados and droughts to floods, hurricanes and earthquakes, last year saw more billion dollar natural disaster events (over $50B) than any other year on record according the National Climatic Data Center. Per Mellinger, “…it’s not just that the frequency of natural disasters has increased over the past decade, disasters are occurring in regions of the country not traditionally exposed to such events”.
Crisis Management & Contingency Planning…The Next level
The next level of risk management requires a more in depth analysis of risk faced by the organization with emphasis on how to plan and implement the individual, departmental and organization wide response needed in the face of uncertain events. The next level of risk management requires the organization to embrace a culture of disaster preparedness. The reality is that the world is far too complex for even the most robust risk management planning to capture and plan for all possible loss scenarios.
© 2012 Novick Group
*Originally appeared in Associations Now, published by ASAE: The Center for Association Leadership
April 24, 2012
© Novick Group
You know your association has an insurance policy, but how well do you know what's in it? Take this quiz to identify some common errors and misconceptions. (Answers at bottom.)
1. Most claims under a nonprofit directors and officers liability policy arise from:
a. Breach of the fiduciary duty of loyalty
b. Breach of implied contract
c. Negligent rendering of professional services
d. Wrongful termination
e. Copyright and trademark violation
2. True or False: Event Cancellation insurance is a form of property coverage.
3. According to the Employee Retirement Income Security Act (ERISA), sponsors of qualified benefit and welfare plans are required to maintain the lesser of 10 percent of plan assets or $500,000 under which policy or policies?
a. Employee benefit liability
b. "Property of others" section of the commercial property policy.
c. Bond/fidelity/employee dishonesty
d. Fiduciary liability
e. Both A and C
4. The residence state of an employee working from a home office does not need to be included in a workers' compensation policy if:
a. The employee's pay represents less than 5 percent of total payroll
b. The employee is an officer as defined in the bylaws
c. The employee is required to be in the office not less than 10 days per quarter
d. No single correct answer; underwriting requirements vary by state
e. None of the above.
5. The most reliable metrics for associations to use when estimating liability insurance requirements take into account:
a. Board size and gross revenue
b. Board size and reserve balance
c. Gross revenue and reserve balance
d. All of the above
e. None of the above
6. True or False: Obligations under a lease or license for space are insured if the general liability policy includes contractual liability coverage.
1. D. The most frequent source of claims under nonprofit D&O insurance policies involves adverse employment actions, including wrongful termination. These account for as much as 90 percent of claims in some years.
2. TRUE. In terms of risk management, a meeting that generates revenue is an item of property. If an association's event is cancelled or curtailed, the "property" is impaired, resulting in a loss of revenue and possibly extra expenses. Event cancellation insurance is similar to the "business income and extra expense" coverage that is a part of the property section of the association's package policy. The big differences are the insured causes of loss and the coverage location limitations.
3. C. If you answered "fiduciary liability," you're forgiven. Many people, even some in the insurance industry, confuse fiduciary liability and fidelity. Associations can easily and inexpensively comply with the ERISA requirement without obtaining a separate ERISA bond. Many employee dishonesty policies extend coverage to include ERISA requirements. If not, an ERISA endorsement may be added to the association's fidelity policy at little cost.
4. E. While answer D is true, it is not correct. Underwriting rules in every states and territory call for the worksite location to be included with the appropriate amount of payroll allocated to it.
5. E. There is no known metric or algorithm that can be relied upon to estimate liability limits. The nature, scale, and scope of association operations are more relevant factors, but even knowledge of these important issues is generally not enough to project future claim activity. The most useful measure is the historical loss experience of peer group organizations.
6. Absolutely, positively false. Just because an insured association has agreed to assume the risk of loss of a third party under a contract does not mean that obligation may be transferred to its insurance carrier. Defense costs may in some cases be covered, but performance under an insurance contract is never insured. Also, in nearly every circumstance, it must be clear that the association's insurance covers loss arising from its operations only.
© 2012 ASAE
*Originally appeared in Association Law & Policy, published by ASAE: The Center for Association Leadership
February 23, 2012
© Novick Group
The International Risk Management Institute defines risk as "uncertainty arising from the possible occurrence of given events." IRMI is one of the most respected resources for property and casualty insurance and risk-management information in the industry, but its online glossary contains no definition of reputational risk.
You won't find it in Black's Law Dictionary either. It's hard to find even a Google reference to reputational risk dated before 2010.
What Is Reputational Risk?
What do Arthur Andersen, Carnival Cruise Lines, and Toyota have in common? All three suffered damage to their reputations (in Carnival's case, the harm is ongoing) in the aftermath of events that were—rightly or not—portrayed negatively in the media.
Arthur Andersen, once considered a bulwark of corporate accounting, imploded over the fallout of its association with Enron. Such a failure is the ultimate institutional cost of reputational risk.
Carnival Cruise Lines is the parent company of Costa Cruises, whose ship the Costa Concordia ran aground off the coast of Italy in January 2012, killing 32 people. Carnival faces more than just litigation, salvage, recovery, and environmental costs, which are estimated to run near $1 billion. For the foreseeable future, the results of any Google search containing the word "cruise" will almost certainly lead with Costa Concordia. Lost revenue across the brand and necessary public relations expense—known in risk management as indirect or consequential loss—are textbook examples of reputational risk expense. These will add hundreds of millions of dollars to the company's total loss.
Toyota, once considered by many to be the gold standard in automotive engineering, recalled nearly 9 million vehicles worldwide in 2009 and 2010 in response to safety concerns about incidents of sudden unintended acceleration. Initial concerns of faulty accelerator design were set aside following a yearlong investigation conducted by scientists and engineers from the National Highway Traffic Safety Administration and NASA. Improperly fitted floor mats were determined to have caused four deaths in one reported incident. The global recall and the related suspension of production and sales reportedly cost the company about $2 billion. Toyota President Akio Toyoda made a public apology to employees and owners, an action rooted as much in Japanese culture as in damage control.
It happens to nonprofits as well. Earlier this month, Susan G. Komen for the Cure, one of the most brand-savvy and respected advocacy groups in the country, faced an onslaught of criticism and negative publicity following its decision to stop funding Planned Parenthood breast cancer screenings. The scope of negative messages found in mainstream media (not necessarily negative reporting as much as reporting of negative information), fueled in large measure by social media, was remarkable. Negative communication flooded the foundation's own Facebook page. The scale and vitriolic tone was enough to move Komen leadership to reverse the decision and apologize within days. By doing so, the organization took an extraordinary step in mitigating the damage to its reputation.
Who Is at Fault?
In most cases, reputational harm to an institution is not the result of a single person's decisions or behavior. Consider these examples:
- Former Penn State football assistant coach Jerry Sandusky is alleged to have molested children, but it was inaction by late head coach Joe Paterno and others in the leadership at the university that will keep media attention focused on this tragic story for some time.
- After former United Way CEO William Aramony was charged in a 53-count federal indictment alleging that he had defrauded the charity of over $1 million—and was subsequently convicted and sent to prison—Aramony's personal reputation was no longer the issue. The sharp drop in donations that followed was clearly a byproduct of the reputational harm suffered by the directors and the institution itself.
- The ultimate case of reputational harm may be that of the Catholic Church, which has faced more than a decade of accusations involving sex abuse by clergy. Settlements of lawsuits reportedly total nearly $1.5 billion, and several dioceses in the United States have declared bankruptcy. The events of this long-running scandal are so shockingly unfavorable to the church that the reputational harm cannot be measured.
Is It Covered Under Our Insurance?
The simple answer to this question for most associations in almost every instance is no. Until recently, exposure to reputational risk has not appeared as an insured peril in the standard commercial market. In recent months, a few carriers have introduced a specific policy to address reputational risk.
Associations considering such a policy should pay careful attention to the scope of coverage provided. The all-important definition of "loss" in one policy is essentially limited to public-relations and crisis-management expenses. In this case, the policy does not achieve the goal of transferring to the insurer the damage portion of reputational harm.
While all insurance is risk management, not all risk management is insurance. Some risks are not transferable to a carrier in the commercial market space occupied by associations. Even in the most comprehensive, carefully constructed (and no doubt costly) insurance portfolios, many of the risks that associations face in the routine course of business are not fully insured or insured at all.
In large part because of the widespread use of social media and the pace of such communications, reputational risk has emerged as one of the most threatening and challenging perils facing businesses of all sizes and types, including associations. Given the absence of an effective risk-transfer option (insurance), association executives must understand the importance that communications play in a robust risk-management plan.
© 2012 ASAE