Better Insurance Through Generations Of Experience & Personal Attention

Guides & Whitepapers

• D&O Insurance Guide

  Directors & Officers Liability insurance (also referred to as D and O insurance) is a complex, often misunderstood insurance product. However it is also a critical coverage for many organizations, both small and large alike. Below, we have put together a brief guide in order to help companies and their directors better understand the intricacies of (and value provided by) these highly specialized policies. For directors looking to perform in depth policy reviews, we have published both a D&O Checklist and EPLI Checklist to assist with coverage assessments. 

  What Is D&O Insurance?

  In its most simple terms, D&O can be viewed as errors and omissions coverage for board-members. It provides defense costs (attorneys fees), damages and settlements, for mistakes and accusations made against executives for their business decisions. Policies are comprised of a number of basic insuring agreements and coverage components:

  • SIDE A (DIRECT COVERAGE): Also referred to as executive insurance, this insuring agreement provides direct coverage to the directors and officers when the company cannot indemnify them, either due to insolvency or due to laws barring indemnification such as during a derivative claim.
  • SIDE B (CORPORATE REIMBURSEMENT): Provides balance sheet protection by reimbursing the corporation after it indemnifies its directors or officers for a claim.
  • SIDE C (ENTITY COVERAGE): Coverage for claims asserted against the entity itself. While Public company D&O coverage restrict such claims solely to securities claims, private company D&O insurance provides broad coverage for claims made against the entity.
  • EPLI (OPTIONAL): Employment practice liability insurance provides protection against employment related claims which account for a significant percentage of claims made against private companies and non profits. These claims include wrongful termination, failure to promote, sexual harassment, and others.
  • CRIME INSURANCE (OPTIONAL): Crime insurance provides reimbursement to the entity for losses it sustains resulting from employee fraud, executive theft, theft of funds, and more.
  • FIDUCIARY INSURANCE (OPTIONAL): Protection for executives and plan administrators against claims asserting mis-management and mistakes made while administering employee benefit plans.
  • CYBER SECURITY INSURANCE (PURCHASED SEPARATELY): Provides coverage for cyber liability arising form data breaches and intrusions. Also included is coverage for notification costs, regulatory defense and fines (including PCI fines), lost income resulting form network interruption or loss of website services, ransomeware demand reimbursement and more.

  How Is D&O Coverage Purchased?

  Directors and officers liability insurance can be structured to the interests of each organization depending on their risk profile and coverage needs. These coverage options require companies to make important decisions when structuring coverages. Some of those considerations include:

  • PACKAGED VS STAND ALONE: D&O can be purchased as a stand-alone policy, with no additional components or packaged with EPLI, crime and/or fiduciary insurance. When packaging coverages, policies can assign one blanket limit to all coverages, or assign each coverage its own dedicated limit. While dedicated limits will result in higher premiums it also provides better coverage by appropriately isolating each coverage.
  • ONE SIDE OR ALL SIDE: Directors and officers insurance can be purchased for Side A, B and C (which is the most common approach) or for Side-A only claims with the entity opting for no corporate reimbursement or entity coverage. While side-A only policies may provide broader direct coverage for the officers at a slightly lower premium, this can be a risky approach, as the majority of claims fall under Side B and Side C coverage. 
  • EXCESS & SIDE A DIC COVERAGE: In order to increase policy limits and/or broaden coverage, additional policies can be placed “on top” of underlying policies, similar to an umbrella. These policies can be 1) follow form, with the same terms and definitions (intended to simply increase limits), or 2) “difference in condition” in order to provide broader coverage then the underlying policy. 
  • SPECIAL COVERAGES: In addition to the above policies, companies with specific concerns may opt to seek additional specialty coverages such as employed lawyers insurance, IDL (independent director liability) coverage, investigation coverage or reputational insurance.

  Directors and officers insurance policies are mazes of terms, conditions and definitions that require careful review. Policy audits should be performed in order to ensure that its definitions sufficiently align with 1) other policies such as any E&O or cyber insurance policies, 2) appointed directors/officers as defined in the corporate charter, 3) additional entities including any domestic and foreign subsidiaries. It should be noted that, performing a foreign audit and coordinating proper coverage for foreign entities can be a delicate balance requiring careful attention. Often the placement of separate foreign coverage is recommended.

  What Types Of Claims Are Covered?

  • Customers can file claims related to contractual disputes, false advertising, misleading product information and privacy violations (related to debt collection practices and marketing). 
  • Suppliers can file suits for damages suffered by failed promises of increased orders.
  • Competitors can assert claims asserting negligent business interference, false advertising, or claims asserting employee poaching to obtain trade secrets.
  • Creditors and bankruptcy trustees can file claims in an effort to recoup losses asserting breaches of fiduciary duties and/or misrepresentations made when applying for credit. 
  • Shareholders and investors can assert fraudulent inducement, misrepresentations made in private placements and/or breaches of fiduciary duties.
  • Employees can file false claims act claims, or, more commonly, employment related claims such as individual suits or class actions asserting sexual harassment or wrongful termination and/or violations of wage and hour laws.
  • Regulators and government agencies can bring investigations and enforcement actions for numerous violations such as FTC actions for consumer protection laws and SEC or DOJ investigations for violations of the FCPA act. In addition to any resulting fines and penalties, the costs to comply with investigations alone can be significant.

  What Does D & O Insurance Exclude?

  While exclusions can vary significantly from carrier to carrier, most policies contain exclusions for the following claims (among others)

  • INSURED VS INSURED: In order to eliminate coverage for infighting, claims brought or maintained by one insured against another are excluded. These exclusions require careful review in order to ensure that coverage is maintained for derivative claims, claims brought by bankruptcy trustees, and claims maintained by whistleblowers. 
  • PRIOR ACTS / RETRO-ACTIVE DATE: Being that coverage is written on a claims made policy form, it is important to understand how such coverage operates. In short, claims arising from wrongful acts that occurred prior to the retroactive date (or issuing of the policy) are excluded, unless coverage is included for “full prior acts”.
  • PROFESSIONAL SERVICES: Claims related to, or arising from the errors, omissions and negligence while providing professional services. Coverage for such claims is more appropriately placed through an E&O policy. Careful review should be given to this exclusion, as overly broad wording has the potential to eliminate coverage entirely.
  • CONTRACTUAL EXCLUSION: Claims arising from any oral or written contracts. 
  • CYBER SECURITY EXCLUSIONS: D&O policies contain many exclusions which can limit or negate coverage for cyber related claims.
  • FRAUD, DISHONESTY & ILLEGAL PERSONAL PROFIT: Intentionally fraudulent acts committed by executives, and claims alleging illegal personal profit are always excluded. However well crafted severability exclusions will maintain coverage for “innocent insureds” that were unaware of such fraud.   
  • INFORMAL INVESTIGATIONS: While coverage may be included for informal regulatory/administrative investigations naming individual directors or officers, informal investigations against the entity itself are almost always excluded.
  • EMPLOYED GC: While some policies may in fact include in-house counsel as a named insured, policy terms and conditions often severely restrict the adequacy of such coverage. Companies interested in purchasing proper coverage for their GC’s should purchase separate employed-lawyers insurance.
  • "OTHER COVERAGE" EXCLUSIONS: Claims that are intended to be covered elsewhere are always excluded by a D&O policy, this includes: bodily injury claims that should be covered under a general liability policy, cyber related claims, and professional service related claims that should be appropriately covered by a separate E&O policy.

  Who Should Purchase Directors and Officers Insurance?

  Any company that has investors or manages employees or products has a liability exposure. And just about every company can benefit from a D&O policy. Some companies however operate in a particularly high risk environment compounding the need for directors and officers liability, such as:

  • Public companies including micro cap or nano cap companies and those trading OTC
  • Financial institutions including hedge funds, investment advisors, venture capital and private equity firms. 
  • Non-profits
  • Mid sized private companies
  • Companies seeking funding through crowdfunding, private equity or debt. As well as any companies planning an IPO or active with mergers and acquisitions.
  • Companies with distressed financials, undergoing a restructuring and/or those emerging from bankruptcy
  • High growth companies and companies looking to expand into new products, countries or sectors
  • Companies particularly affected by economic movements/downturns
  • Companies in certain industries such as: Manufacturers and brands, technology companies, financial firms and institutions, healthcare, and life-science companies.
  • In addition to the above risk factors, directors and officers insurance provides a number of advantages including: the ability to attract qualified directors and appearing more professional to investors when approaching a deal.

  Recent Trends Increasing The Importance of Executive Insurance

  • Newly announced DOJ's Yates Memo now requires misconduct disclosure in order to receive cooperation credits. The Department Of Justice is also implementing the Yates memo to enforcement actions.
  • Cyber related litigation is expected to increase in the form of consumer class actions and shareholder class actions and/or derivative claims
  • SEC is targeting smaller companies and pursuing more actions through administrative law judges
  • Litigation financing is gaining attention and expected to fuel future lawsuits against corporations and their directors.
  • Compliance officers are under greater scrutiny

  How Do Policies Differ?

  D and O insurance terms differ significantly. Some carriers agree to control the defense (taking the burden off of the company and broadening coverage), while others require the company to control the defense. Some policies contain particular exclusions such as “false advertising exclusions” which can severely limit or preclude coverage that is critical for companies like brands and manufacturers. For companies with investors/shareholders, many carriers contain a “majority shareholder exclusion” which precludes coverage for claims brought or maintained by shareholders with more than 5% ownership. These are just a few very simple examples, however there are too many to list. Entire books have been dedicated to the topic of analyzing D&O policies. While these exclusions are typically easy to identify and avoid, much of the exclusionary language is contained deep in the policy language itself, within the terms and definitions. This makes it very difficult for companies to understand what they are purchasing and nearly impossible to perform proper coverage comparisons. It also highlights the importance (and value) of partnering with an experienced insurance brokerage. 

  FAQ

  • DO HOMEOWNERS POLICIES PROVIDE D&O INSURANCE? Simply put, no, they don’t.
  • HOW MUCH DOES D&O INSURANCE COST? Policies cost less than many might assume. Policies can range from 1k per year for very small businesses or non profits to 15k for small public companies on up to 100k plus for larger organizations. But often companies may be able to eliminate duplicate coverage from other policies to help offset that cost a bit.
  • DOESN'T MY COMPANY'S INDEMNIFICATION AGREEMENT PROTECT ITS OFFICERS? Yes, however, there are situations in which your company may not be able to indemnify you, such as when it is insolvent or prevented from doing so by law.
  • CAN A CLAIM PIERCE THE CORPORATE VEIL? Corporate veils do protect companies…to a certain extent. But court rulings can be unpredictable, and in certain situations corporate status can be bypassed effectively exposing the directors and officers’ personal assets. Claims asserting fraud, claims asserted by creditors that suffered from “gross under-capitalization”, and claims related to the commingling of assets are all examples of claims that can result in a piercing of the corporate veil. Companies that are "closely held" are also more likely to encounter such claims. 
  • AREN'T WE PROTECTED BY THE BUSINESS JUDGEMENT RULE? The business judgement rule has long provided a certain layer of protection to officers when making business decisions. However, without getting overly technical, many recent court cases indicate that the business judgement rule does not provide the same level of protection that it had years ago. 
  • WHAT SHOULD WE LOOK FOR? There are too many considerations to list here, however premium should only play a small role in that decision - simply seeking the lowest premium will often yield bad results. When shopping for d and o insurance, the most important considerations should be partnering with an experienced D&O insurance broker who can assist with performing an assessment of the policy language and any necessary coverage negotiations. GB&A is licensed in numerous states across the country including New York, California, and Texas (among others).
  • FOR MORE TIPS: Please see our D&O purchasing guide.
  More on this insight

• Cyber Risk Insurance Guide

  With data breaches occurring on a weekly basis, cyber security has consistently ranked among the top risk concerns for executives over the past few years. And cyber criminals are only becoming more sophisticated with intrusions becoming more frequent. While there is no substitute for a strong cyber framework and security controls, cyber liability insurance often serves as an organizations last line of defense when all else fails. However cyber policies are often misunderstood.

  What is Cyber Insurance?

  Simply put, cyber risk insurance (also known as data breach insurance) provides protection for cyber risk and cyber related events. Data breaches and theft of personal information are simply one segment of cyber risk, there are many. Cyber policies provide 2 main coverage components. The first component is first party coverage, which is essentially balance sheet protection – the organization suffers financial damage such as lost income, an extortion demand, required notification costs (or credit monitoring costs), or network/data restoration costs, and the insurer reimburses the company for the damages sustained. The second coverage component is third party coverage, which provides defense costs (attorney’s fees), damages, and settlements for claims and lawsuits that result from errors and security failures (among other incidents). These damages can result from employee or privacy violations, transmission of a virus to another party or in the form of a regulatory action, to name a few. Cyber policies can either be purchased as a basic endorsement added onto a general liability policy, providing limited coverage, or they can be purchased as a stand-alone policy which provides significantly broader coverage. When purchasing a stand-alone policy, companies can select their coverages of interest in order to match their risk profile. Available insuring agreements include.

  • NETWORK SECURITY & PRIVACY LIABILITY: This agreement provides coverage for defense costs, damages, and expenses arising from theft or improper disclosure of confidential information in your care, custody or control (or in the custody of a cloud provider). Contrary to what many companies think, that data is not limited to credit cards and social security numbers, it also includes employee information (such as tax forms), health information, and corporate confidential information such as intellectual property and financial data. The data also also does not always have to be in digital form and stolen by hackers, a privacy incident may arise from paper records being improperly disposed of. In fact, human error accounts for a large percentage of privacy incidents. Lastly, coverage can also be included for failing to disclose a breach and claims related to improper privacy policies or data collection practices.
  • MEDIA LIABILITY: A form of coverage for advertising and publishing injury, this insurance provides defense costs and damages for claims asserting copyright infringement and negligent publication of media (among others) while publishing content online and via social media channels.
  • ERRORS AND OMISSIONS (E&O): While not included in all cyber policies, some carriers include an E&O insurance component which provides coverage for financial damages sustained by third parties (such as clients and customers) when your services fail. Examples might include software and service failures or poor advice by IT consultants. It is however important to note that E&O coverage differs greatly. Well structured E&O policies should extend coverage to include claims resulting from breach of warranty, breach of contract and/or claims asserting failure to deliver.
  • REGULATORY DEFENSE AND PENALTIES: This insuring agreement provides attorney’s fees and costs associated with formal regulatory or administrative investigations. It also provides coverage for any resulting fines or penalties. With regulators such as the FTC, SEC and OCR increasing cyber enforcement, regulatory defense coverage is increasingly important. Enforcement actions can result from any of the below. For more information on assessing the scope of regulatory coverage and term negotiation, please see our guide.
    • Security failures such as failure to protect data (including employee information)
    • Improper data collection practices
    • Failure to disclose a breach
    • Deceptive privacy practices
  • EXTORTION / RANSOMWARE: Provides coverage for associated costs, lost income and extortion demands resulting from ransomware attacks that might hold a website, data or software “hostage”. 
  • DATA BREACH RESPONSE COSTS: The costs incurred with responding to a data breach can be significant. Some figures estimate between $100 and $200 per infected record. Data breach response coverage provides coverage for the costs of any required forensic investigation, identity restoration costs, notification costs and credit monitoring costs.
  • CRISIS MANAGEMENT EXPENSES: Data breaches can inflict significant damage to a company’s reputation. Restoring consumer confidence can be difficult. As a form of reputation insurance, this agreement provides coverage for the organization to hire a PR firm in order to help rebuild the organization’s brand and reputation. It should be noted that lost income resulting from brand damage is however, never covered.
  • BUSINESS INTERRUPTION & DATA RESTORATION: Data breaches, DDOS attacks, ransom attacks and system failures can often result in lost profits, especially if sustained for a prolonged period. These attacks can also result in the theft or corruption of critical data and network damage which may need to be restored. This insurance agreement provides coverage for the resulting lost income and costs to restore data and networks. Some insurers limit this coverage only to security incidents, while others will also provide coverage for lost income resulting from a system outage. Some will limit coverage only to attacks directly affecting your networks, while others will extend coverage to incidents that might affect a cloud provider or business service provider.

  What type of claims are covered by Cyber Liability Insurance?

  • Extortion and Ransomware attacks resulting in lost income, extortion demands and data and restoration costs
  • Virus infections of computer systems that destroy or corrupt data and networks requiring restoration.
  • DDOS attacks resulting in lost income and financial damages to clients that might not be able to access data or utilize services.
  • Data breaches and/or clerical errors (such as loss of a laptop with protected data) resulting in notification costs, credit monitoring, identity restoration costs, potential regulatory investigation and penalties, and potential consumer or shareholder class action.
  • Improper privacy policies and/or data collection practices resulting in regulatory investigation and penalties and potential consumer or shareholder class action.
  • Transmission of a virus or malware to a client or vendor resulting in defense costs and damages sustained by the injured party.

  How Do Cyber Policies Differ?

  Network insurance contains too many variables to outline here. Some provide only third party coverage, where others include full first party coverage. Some contain numerous exclusions where others are more liberal. Exclusions also do not have be explicitly scheduled, often exclusionary language is contained deep within the definitions and conditions of the policy. Below are just a few examples of some of the coverage variables:

  • PAPER FILES: All policies provide coverage for digitally stored data, however many companies also may utilize paper files as well, such as applications, tax forms, employee records, health records, etc. Some policies contain exclusions for losses arising from the theft or disclosure of paper records.
  • ENCRYPTION: While data encryption is a wise recommendation, some companies may choose not to encrypt, or occasionally transmit or store data that is unencrypted. Some policies contain an encryption requirement, precluding coverage for any claims that arise from breaches that affect unencrypted data.  
  • SECURITY STANDARDS: Some cyber risk insurance policies contain a condition precedent to coverage, requiring that the organization employ a certain level of security measures. Failure to do so can nullify coverage.
  • VIRUSES: Viruses can wreak havoc on a network resulting in lost income and significant restoration costs. Some coverage contains a specific exclusion for damage caused by viruses and/or any “self-propagating code”
  • BODILY INJURY AND PROPERTY DAMAGES: Many cyber policies contain broad exclusions for any intrusions that result in bodily injury or property damage. These exclusions can be particularly problematic for the healthcare, technology and manufacturing sectors. If your company has any such exposure it is important to seek coverage with a carrier that provides coverage for any contingent BI/PD claims. 
  • VENDORS & OFFSITE COMPUTERS: Most companies rely on third party software in one form or another. Whether it be a cloud provider, SAAS software or compliance program. Security incidents that affect your business service provider or off site computer systems can result in claims against your company. Ranging from lost profits to privacy violations. It can also result in lost business income. Some carriers include within their definitions, coverage for breaches that affect service providers and offsite computer systems while others intentionally preclude such language.
  • DATA: The definition of data is an important consideration. Especially for organizations that work more with corporate information. Some policies take an extremely narrow stance on defining data, simply as, drivers license information, dates of birth and social security information. Others contain more liberal definitions which include health information and corporate confidential information. Purchasing a policy with a narrow definition can significantly compromise coverage.
  • FAILURE TO DISCLOSE A BREACH: Your employee lost a laptop with thousands of records on it, do you report it? With all of the breach notification laws differing state by state, and cross border laws posing an even greater challenge, knowing when a breach must be disclosed can be difficult. However, failing to do so can result in additional damages and regulatory enforcement. Some policies provide coverage for such claims, others do not.
  • UNAUTHORIZED COLLECTION OF DATA: Most companies collect some degree of consumer data. But ensuring that your privacy policies and opt-in and opt-out practices are all accurate and transparent can be difficult. When data is collected improperly, claims can be close behind. Most policies contain some sort of exclusion for claims arising out of data collection practices, however a few insurers contain no such exclusion. Even when coverage is included terms can vary.

  What other coverage Do I need?

  • D&O INSURANCE: When cyber breaches result in consumer or shareholder class actions, a properly structured directors and officers insurance policy may be the best protection. Depending on the claims asserted, policy language, and specifics of the loss, a D&O policy may or may not extend coverage, however due to the wide range of coverage provided by D&O policies, it is generally a wise placement nonetheless.
  • CRIME & SOCIAL ENGINEERING INSURANCE: An often overlooked component of a strong cyber program is crime coverage. Crime insurance (with a properly structured social engineering endorsement) is particularly critical for protection against social engineering attacks and funds transfer fraud which are increasing in frequency and severity.

  Recent Trends Increasing Cyber Risk

  • With larger organizations investing more resources into their cyber security frameworks, and smaller organizations lacking proper security, cyber attacks are trickling down to mid -sized and smaller companies with greater frequency.  
  • Ransom demands have historically been on the lower side, however these demands are expected to increase which will result in greater damages for companies affected by extortion attacks.
  • In addition to attacks becoming more sophisticated, malware is becoming smarter and the underground cyber crime marketplace (dark-web) is growing with more available code and a greater number of users, which will result in an increase in data breaches.
  • Regulatory agencies such as the SEC and FTC are increasing their oversight of cyber security, bringing a greater number of enforcement actions against companies that: fail to prevent against a breach, fail to disclose a breach, or improperly collect consumer information. They have also voiced interest in pursuing actions against smaller companies.

  Who Needs Cyber Liability Insurance?

  • Public companies including micro cap and nano cap companies and those trading OTC.
  • Professional firms of all sizes - particularly professionals that work with public companies, including consultants, accountants and lawyers
  • Companies subject to regulatory oversight such as financial institutions and government contractors
  • Smaller & mid-sized businesses. It is estimated that 60-80% of breaches affected smaller the SME sector. In 2015 alone there were 781 breaches as reported by ITRC.
  • Higher risk industries such retailers, financial firms, healthcare, technology companies, educational institutions, hotels and hospitality companies, manufacturers and professional service firms.

  FAQ

  • IS CYBER RISK COVERED BY GENERAL LIABILITY INSURANCE? No, while there have been a select few cases where companies have been able to successfully assert data breach insurance under their general liability policies, the very short, simple answer is that CGL policies provide no such coverage.
  • HOW MUCH DOES CYBER INSURANCE COST? Cyber insurance is not as expensive as many companies assume. It will depend on the limits and coverage chosen, type of data and number of records among other items, however simple endorsements can cost as little as $400 per year with broader stand-alone policies starting at $1,000 to $1,500 per year working their way over 10k depending on the risk profile.
  • DO BREACHES AFFECT SMALL BUSINESSES? Yes, it is estimated that 50% to 70% of breaches affect the SME sector (small and mid-sized enterprises)
  • WE USE A 3RD PARTY PROVIDER, DO WE NEED DATA BREACH INSURANCE? Yes, security and protection of your client’s data is still your responsibility. If and when a lawsuit occurs, multiple parties will be named. Cyber insurance has not advanced to the point of being able to add an “additional insured” to the policy, so, while it is best practice to ensure your cloud provider has their own insurance, it will not provide you any protection.
  • WE DON'T STORE ANY PERSONAL INFORMATION, DO WE STILL NEED COVERAGE? Yes, as we have outlined above, breaches do not solely target PII (personal information) in fact health records are even more valuable. Cyber criminals have also been targeting corporate non-public information such as IP and financials.
  • WILL THIS POLICY PROVIDE PROTECTION FOR THEFT OF OUR IP? No, first party coverage for theft of IP is never covered by network insurance. For more advice on protecting your IP, please see our recent article for BNA.
  • IS THERE ANYTHING ELSE I SHOULD BE AWARE OF? While the above serves as a good overall guide - it's important to understand that cyber insurance policies are not standardized like other insurance. This means that they differ considerable in their coverage terms, definitions, exclusions, etc. For this reason it is important to partner with an insurance broker who is experienced with cyber risk insurance. GB&A is licensed in numerous states across the country including New York, California, and Texas (among others).
  More on this insight

• EPLI Insurance Guide

  Managing employees carries risk - behind every employment decision is a potential lawsuit. Prospective employees that are not hired may believe they were discriminated against, employees working long hours may believe they are not being properly compensated or promoted, and employees that are let go may be believe they were wrongfully terminated. EPL insurance (also known as employment practices liability insurance) provides coverage for defense costs, damages and claim expenses incurred resulting from employment related claims. It also provides a team of specialized attorneys that the organization can consult when making difficult employment decisions, in order to minimize the likelihood of a claim and any resulting damages. For directors looking to perform in depth policy reviews, we have published both a D&O Checklist and EPLI Checklist to assist with coverage assessments. 

  What Does EPLI Insurance Cover?

  As briefly mentioned above, employment related claims can arise from a broad range of accusations. Depending on the business and its industry, certain claims may be more prevalent than others as demonstrated below. 

  • FAILURE TO HIRE & FAILURE TO PROMOTE: While these claims can affect any business, “failure to make partner” claims are particularly prevalent against law firms, asserted by employees/attorneys, that, after dedicating years of long hours are denied partner status or promised promotions. 
  • WRONGFUL TERMINATION & BREACH OF EMPLOYMENT CONTRACT: The employment at will doctrine isn’t ironclad and eliminating the position after termination wont always prevent a claim. Employees that are fired may often assert breaches of good faith and/or fraudulent inducement (among others).
  • DISCRIMINATION & EEOC ACTIONS: Many companies are male dominated at the executive level and regularly seek younger candidates. Both of which can easily give rise to gender and age discrimination claims. Additionally, the EEOC provides a convenient (and cost effective) avenue to employees that believe they have been discriminated against. These claims are not solely limited to blatant race or gender discrimination. Activities such as: improper criminal background checks on applications and questions related to family medical history on job applications can also result in EEOC actions. 
  • WAGE & HOUR CLAIMS: Wage and hour claims are filed when employees believe that their employer has misclassified them as an exempt employee, they are working excessive hours, or believe they are not receiving appropriate pay/benefits. Wage and hour claims have grown significantly over the past few years. Even claims without merit can be costly to defend. 
  • SEXUAL HARASSMENT: Workplace sexual harassment can assert a myriad of accusations including improper comments, inappropriate advances, and unwelcome conduct. Industries which are male dominated with a younger workforce (such as technology companies and financial firms) are increasingly exposed to such claims. 
  • 3rd PARTY CLAIMS: Third party EPLI insurance is particularly important for businesses with a large client base and those that deal a lot with the public such as retailers, restaurants and commercial real estate owners. It provides protection against claims asserted by customers, vendors and other 3rd parties. These can range from violations of the ADA act (such as failing to provide wheelchair access) to accusations of sexual harassment to discrimination claims by clients alleging they were discriminated against or did not receive the same level of professional attention. Not all policies provide 3rd party coverage, which is why it is important to perform a careful assessment. 

  How Is EPLI Purchased? 

  • EPLI ENDORSEMENT: Adding an EPLI endorsement to an existing liability policy is one approach to purchasing coverage. This approach however does have its downsides. Often, coverage is sub-limited to a limit of 100k, 250k or 500k (inclusive of defense costs) which often does not provide enough coverage. Additionally, the coverage provided is usually relatively basic. For example, among other claims, these endorsements usually do not provide coverage for: wage and hour claims, claims asserting breaches of employment contracts, or 3rd party claims asserted by clients or vendors. While an endorsement may be acceptable for small businesses, organizations seeking broad coverage will want to avoid such endorsements.
  • D&O POLICY: Packaging EPL insurance through a D&O policy is generally the most common approach for many reasons. Most importantly, the coverage provided is broad.  Employment claims also account for a considerable percentage of claims asserted against private company directors and officers. Lastly, it eliminates the need to manage multiple policies and is cost efficient for what it provides.  
  • STAND ALONE POLICY: There are four main reasons companies may prefer to purchase a separate, stand-alone EPLI insurance: 1) companies interested in preserving their D&O limits solely for “true” D&O claims, 2) companies disinterested in D&O coverage and looking to obtain a more cost efficient EPLI policy without including D&O, and 3) companies that have sustained prior claims making it difficult to package with their D&O insurance, and 4) organizations seeking the broadest possible coverage with terms they can more easily negotiate. 

  Basic Terms Of EPLI Insurance

  • DUTY VS NON-DUTY TO DEFEND: The duty to defend is an important element within professional and management liability insurance policies. It effectively tenders the responsibility of the defense onto the insurance carrier, removing the burden from the insured. In addition it also provides a team of experts for consultation. Most companies will want to avoid purchasing any policies that are written on a non-duty to defend (duty to indemnify) basis.
  • DEFENSE COSTS: When setting policy limits, employment practice insurance policies can be written one of two ways: 1) with defense costs included in the limit, or 2) defense costs “outside” of the limit. Being that defense costs account for such a significant portion of the claim, this is an important area of critique. A policy with a 1 Mill limit which is inclusive of defense costs provides substantially less coverage than a policy with a 1 Mill limit which provides defense costs “outside”. Arguably, such a policy could be viewed as effectively maintaining a 2 Mill limit or higher.   
  • DEFINITION OF “EMPLOYEE”: As is the case with all professional and management liability insurance, all definitions must be reviewed carefully. Definitions of employees are however particularly important and should include: 1) partners, managers, LLC members 2) part time employees, interns and volunteers, 3) independent contractors and 4) prospective and prior employees. 
  • MISC EXCLUSIONS: While the above serves as a very general guide to some of the more important terms/exclusions contained within EPLI policies that are still man others that require assessment (and negotiation) such as exclusions for breaches of employment contracts and/or regulatory/EEOC actions.

  Recent Trends Increasing Employment Claims

  • Gender (and trans-gender) equality issues are posing new challenges for corporations 
  • Pay equity claims are sprouting up in certain states (such as NY and CA) alleging compensation disparities between races, genders, etc.
  • Genetic discrimination claims are on the rise.
  • The EEOC has been actively pursuing companies for improper use of criminal background checks on employment applications. 
  • Website ADA (americans with disabilities act) claims are on the rise brought by persons with disabilities asserting that they are unfairly being denied access to websites which do not provide proper audio/visual assistance. 
  • Mobile devices make it easier than ever for employees to record and document questionable workplace practices.
  • Social media is creating workplace challenges for companies who are basing employment/termination decisions on employees’ social media usage
  • DOL (Dept Of Labor) has been discussing the implementation of new overtime laws which would qualify previously exempt employees
  • Many industries, such as the tech and finance sectors actively seek younger persons, resulting in inadvertent potential age discrimination based claims. 

  FAQ

  • AREN’T EMPLOYMENT CLAIMS COVERED BY MY LIABILITY POLICY? Maybe. As we have referenced above, some policies do extend some coverage via a basic endorsement. However these endorsements generally only provide a basic level of coverage subject to usually low sub-limits which may not provide enough protection. 
  • HOW MUCH DOES EPLI COST? EPLI insurance premiums depend on a number of factors. The number of employees, and business industry are the most obvious rating factors. Generally speaking, a basic EPLI endorsement for a small company may cost as little as $300, while stand-alone policies and coverage purchased under D&O packages will often begin at $1,000. 
  • DOESN’T THE EMPLOYMENT AT WILL DOCTRINE PROTECT US? The short answer is no. Employment at will doctrines may protect companies from some wrongful termination claims but it does not eliminate the possibility of lawsuits entirely. Wrongful termination claims are also only a small portion of potential claims against directors & officers of a company. There are a myriad of others as highlighted above. 
  More on this insight