Michael Pryce outlines the latest developments in risk management and insurance.
There is little doubt that managing and assessing risk within an organisation is a highly complex task at the best of times, irrespective of an organisation’s size.
For larger organisations, it is difficult because of the broad range of issues and stakeholders involved.
For smaller organisations, the lack of resources and skills across the broad spectrum of risk assessment and management makes it an arduous task.
Just managing the risk faced by the board itself can be mindboggling.
Indeed, there are more than 800 federal and state laws under which directors could be liable.
At AIG, we work with our listed clients to manage the legal minefield surrounding compliance with the continuous disclosure regime.
Many companies have procedures for minimising such breaches, but they do not always develop a contingency plan to determine how the company will operate in the event of a breach and subsequent class action.
Having a strategy that encourages risk minimisation in partnership with a tried and tested contingency plan is essential to a comprehensive approach to risk management.
It is very difficult for any business to ensure it complies with the patchwork of employment and health and safety laws, be it managing the recruitment process, undertaking dismissals or addressing injury in the workplace.
In many cases, even when a rigorous compliance process is in place, a simple risk management breach can involve costly regulatory and legal repercussions that the organisation may not have considered.
Often these costs are not just for the immediate legal representation fees, but are less obvious, such as public relations fees to protect against reputational damage and loss of management time.
These costs often escalate when the matter is mishandled, irrespective of fault by those involved.
One benefit of partnering with an experienced insurance company that provides comprehensive insurance is that the policyholder can be provided with access to such professionals.
Another fast-growing area of potential risk management failure centres around data and cyber risk, with a recent survey suggesting directors consider this one of their top five areas of concern.
This risk infiltrates all areas of a business, whether it is customer data held by a sales team, employee data controlled by payroll or information managed by the finance department.
The introduction of the Australian Privacy Amendment Act, which came into force on 12 March 2014, has given many organisations the opportunity to address cyber and data risks within a formal risk management regime, which should include:
- Mapping cyber risks, including interdependencies and measuring impact and probability.
- Implementing protection procedures and conducting regular audits.
- Backstopping these procedures with insurance.
Directors need to consider what liability falls on them by not managing these exposures, especially now that businesses can be hit with fines of up to $1.7 million and individuals can face fines of $340,000 per incident.
Insurance purchasing trends
With the increasing number of employment disputes in Australia, particularly the highly publicised matters involving multimillion dollar awards, we have seen large organisations show renewed interest in insuring not only directors’ and officers’ (D&O) risks, but also employment practices liability (EPL) and crime.
It is widely believed that around 80 per cent of small- and medium-sized enterprises do not buy any form of management liability insurance – a package-style policy covering a myriad of D&O, EPL and crime exposures.
Most often, management liability policies respond to the increasing number of employment disputes and fraud by employees and other parties.
Good management liability policies will provide access to legal and other professional resources that can help a small business, particularly early in the claims process, in areas such as employment disputes and investigations for fraud. We would encourage all small businesses to look at these types of protection, as they are cost-effective and provide access to a host of valuable resources.
When it comes to directors avoiding common and expensive mistakes when arranging insurance cover, it is always worth considering the broader value of an insurance policy.
With the wide range of D&O, EPL and crime insurance policies available, the first step is selecting a good insurance broker.
A good broker should understand the clients’ business, the risks that should be insured and the cover that should be considered, and will work with the client to integrate this into the organisation’s risk management approach.
Each year, a review should be conducted to determine how the business has changed and what new risks have emerged, and the insurance program should be adjusted accordingly.
Directors often ask three questions when looking at their insurance:
- Is the limit sufficient?
- Does the breadth of cover meet our requirements?
- What is the cost?
While we acknowledge that the current economic environment calls for cost savings, we cannot reiterate enough the old saying “you get what you pay for”, particularly when it comes to a claim.
We would look for an experienced business insurance partner and suggest that there are two additional questions that should be posed:
- What is the reputation and experience of the insurer’s claims team?
- Can the insurer “add value” to my business by providing me with its insights into how to minimise the risk of litigation and emerging risks that we might face?
A good insurer should be able to share its experience on how to manage and react to serious litigation, whether it be in regards to an investigation by the Australian Securities and Investments Commission, or allegations from an aggressive plaintiff law firm backed by a litigation funder.
A recommendation we would make to all buyers of insurance, particularly directors, is to ensure their insurance broker keeps them advised of developments in coverage.
Good insurers are open to discussing how a policy can be developed to meet the client’s specific requirements and will meet reasonable requests with innovation.
An interesting debate continues, with many directors who are D&O savvy querying whether an organisation’s D&O policy should also provide cover to the company for company securities litigation.
This cover is sometimes referred to as “Side C” and covers scenarios such as a class action for a breach of continuous disclosure against the company. However, what can occur is that the D&O policy is depleted in the defence of the company and the directors are left bare. One solution available is the option of buying a separate company securities policy, ensuring the cost of defending the directors is ring-fenced.
The time at which a claim is made can often be a very personal experience for directors and can include criticism in the media, allegations that may damage their reputations and the threat of expensive costs. Having a comprehensive policy that will directly assist them means there is one less issue to worry about.
New insurance cover
Insurance is mostly associated with material objects. However, with intangible assets such as reputation and brand often being the most valuable for an organisation, insurers are grappling with how to provide meaningful protection.
In a 2013 Deloitte survey, conducted by Forbes Insight, reputational damage was the overall top risk across the majority of industry segments. Deloitte said this was “due in large part to the rise of social media, which enabled instant global communications, making it harder for companies to control how they were perceived”.
As any business will appreciate, valuing an intangible asset such as reputation, understanding how it may appreciate or depreciate and determining how to manage such a risk is an incredibly complex task.
Addressing this particular area of exposure is certainly on the insurance industry’s agenda and I strongly believe that there will be significant developments in this field in the coming year.
The other area that we are likely to see develop through 2014 is the delivery of policies that provide long-term certainty and price consistency to directors and businesses, particularly for larger clients. Policies that automatically renew year on year through an “evergreen feature” are being slowly introduced to the Australian market to reduce the amount of time and money businesses need for an insurance renewal.
When insurers know that all publicly-traded companies disclose the same information via the Australian Securities Exchange that they ask for during a renewal, it makes sense to do away with an outdated renewal process and increase efficiency. This will allow both the insurer and client to engage in robust dialogue as and when it is required to ensure comprehensive cover and to address risk management issues.