IBA: How are emerging technologies such as blockchain and cryptocurrency impacting how financial institutions are being insured?
John Huggins: Given the generally conservative approach that traditional financial institutions take with emerging technologies like blockchain, these insureds have not been greatly impacted from an insurance standpoint. To the contrary, the fintech firms, and the private equity and venture capital firms that invest in them, have seen a direct impact on their insurance programs. While most market participants and observers agree that blockchain is here to stay and will at some point be heavily deployed in financial services, insurance underwriters in the D&O and professional liability realms are taking a reserved and measured approach to extending coverage and limits.
At this point, there seems to be a very limited insurance market for firms involved with cryptocurrencies, given the persistent questions about the regulatory environment surrounding these new financial instruments.
IBA: Are there other trends affecting how financial institutions are insured?
LaJean Walton: The #MeToo movement has affected FIs just as it has most other types of businesses. There has been an uptick in EPLI-related claims, [and] judgments and settlements also seem to be on the upswing, especially in the most egregious cases. Also of concern is that even when statutes of limitations preclude an EPLI lawsuit being filed, D&O lawsuits can still be brought as part of what are becoming known as ‘eventdriven’ lawsuits.
Cyber terrorism and data security issues are perhaps the biggest areas of concern for FIs these days. FIs are realizing that there is very little standardization in the cyber insurance market, and they need to review the various options that are available. Of particular concern is coverage for vendor-driven exposures, contingent property damage, contingent bodily injury, business interruption and more. FIs are also taking a closer look at the wording of war exclusions and negotiating narrower wording and broader coverage in this area, given the active role that foreign governments have played in recent ransomware events.
Mergers and acquisitions in the FI arena are happening at an all-time record pace. While this is most noticeable in banking, it also persists in fintech and other FI classes. When one or both of the parties involved in an M&A transaction is publicly traded, a merger objection investigation or lawsuit almost always quickly follows the announcement. While most of these types of lawsuits never result in any negative findings, it can still cost a great deal to respond to them.
IBA: How do external factors like regulations impact FI clients and their insurance policies?
JH: Today, with all 50 states having data security legislation on the books, FIs are seeing an increase in the diligence their regulators are employing when reviewing their data security stance, as well as their insurance purchases. It is also clear that as more millennials enter their client base, FIs must respond by offering more technology-based services. Often, placing a tech E&O product in addition to the traditional professional lines for these firms is recommended, depending on the particulars of their offerings.
Also, FIs need to consider how they may be directly subjected to additional privacy laws such as HIPAA. FIs such as banks that are involved in healthcare payment lock-boxing, or those that work with health insurers and managed care organizations, should consult with their legal counsel and IT experts to ensure that they are in compliance with HIPAA and other healthcare-related regulations. Likewise, insurance companies should consider their exposure to HIPAA-related data and be certain that they have adequate coverage based on the type and volume of data they have on hand.
GDPR also seems to be an area that deserves more consideration from FIs to understand and manage their exposure. FIs that actively do business with European nationals should consider working with legal and IT experts to ascertain the applicability of the law to their operation.
IBA: Are there areas where you find financial institutions to be commonly underinsured or misinformed?
LW: Lending organizations, banks and others seem to still be somewhat uninformed about the availability of broad mortgage protection/ impairment coverage. Non-standard lending organizations should also be aware of their exposure to allegations of lending-related wrongful acts, similar to a more typical bank.
Cyber coverage also still needs more discussion in FI circles. All cyber coverages are not equal, and there is still a wide disparity in coverages that are available from a wide range of insurance carriers. FIs of all types should insist on being provided several options from several carriers and be provided with a concise description of the differences between each. In the vast majority of cases, we counsel insureds not to accept cyber coverage that is bolted onto their D&O policies, given the breadth of coverage and services available from the specialty markets.
While often considered exclusively a concern of publicly traded firms, options for excess Side A DIC D&O coverage should be reviewed by most FI firms, given the potential for personal liability that can be attached to managers and directors of these organizations.