$1 Million Theft Excluded from Coverage
In July 2012, John Moon, one of the owners of Alphacare Services Inc., which performed payroll services for Construction Contractors (Contractors), told Contractors that AlphaCare did not have enough assets to pay payroll, taxes or benefits expenses for Contractors’ subscribers.
Eventually, auditors informed Contractors that Moon (who was charged in May 2016 by the U.S. Attorney’s Office and is awaiting trial for wire fraud) had wire-transferred about $930,000 from Construction Contractors’ funds to use for personal and AlphaCare expenses, leaving the company with substantial unpaid tax liabilities, according to court documents.
On Jan. 10, 2013, Contractors purchased a crime insurance policy, which included coverage for employee theft, from Federal Insurance Co. It advised the insurer there was still about $1 million that was unaccounted for.
Contractors later discovered the missing $1 million was stolen by check, and it submitted a claim for that amount with the carrier, according to court documents.
Federal Insurance denied the claim, saying all of the losses were a single loss under the policy because the insured had already discovered there was a loss prior to taking on the policy.
After a hearing in the U.S. District Court for the Northern District of Ohio at Toledo, the court agreed.
On July 11, the U.S. 6th Circuit Court of Appeals upheld the decision.
“Because Construction Contractors discovered the wire fraud prior to the policy’s execution and the check theft and wire fraud constitute a single loss, the check-theft loss is excluded from coverage under the policy,” the court ruled.
Scorecard: The insurance company does not need to pay the $1 million theft claim.
Takeaway: The insured was aware of the loss “even if ‘the exact amount or details … are unknown.’ ”
Ruling Modifies ‘Care, Custody and Control’
In January 2013, Texas Trailer Corp., under the direction of the American Bureau of Shipping (ABS), tested a container designed by EPMP Ltd. and SandCan LLC to store and deliver sand from a mine to a well site.
Applying excess weight to the container deformed the corner castings and subsequent tests deformed the container, eventually causing a crack in the corner casting weld. The crack constituted a failure of the certification test.
EPMP and SandCan sued both Texas Trailer and ABS for damages. Texas Trailer (TTC) sought a defense from National Union Fire Insurance Co., but the insurer said the policy did not cover the damage.
After a jury found that only ABS had been negligent, not Texas Trailer, TTC sued National Union for reimbursement of litigation costs in excess of its $100,000 per occurrence retained limit, and breach of contract. The carrier sought a summary judgment on the trailer company’s claims.
On June 28, the U.S. District Court in the Northern District of Texas ruled in favor of National Union.
At issue was whether an exclusion for damage of property in the “care, custody or control” of the insured excluded coverage of the claim. The insured argued the container was only within its “physical control,” and not its “care, custody or control.”
The insurer “need only show that the property was ‘under the immediate supervision of the insured and [was] a necessary element of the work involved,’ ” the court ruled. “ABS may have designed the tests, but TTC actually performed them.”
Scorecard: National Union was not required to pay Texas Trailer’s litigation costs.
Takeaway: TTC’s argument that it acted under ABS’ guidelines was not sufficient to prevent the court from ruling that TTC had “care, custody or control” of the container.
The Meaning of ‘Collapse’
In 2014, renovations at the Masters Apartments revealed “substantial structural impairment” due to decayed rim joists.
CHL LLC, owner of the Seattle apartment complex, submitted a claim to American Economy Insurance Co., which had issued commercial property insurance from 1999 to 2005. An engineer hired by the insurer said the structural damage occurred between 1999 and 2002, and that a building inspector would classify it as a “dangerous” building.
American Economy denied CHL’s claim, saying the damage did not trigger coverage, as “collapse,” as defined by the policy from 2002 to 2005, required the building to fall down or be in imminent danger of falling down for a claim to be paid. (Prior to 2002, the term “collapse” was undefined.)
The insurance company filed a lawsuit in the U.S. District Court for the Western District of Washington at Seattle seeking a judgment that it did not need to indemnify the claim.
On July 7, the court ruled in favor of the insurance company and dismissed the case.
Given that Masters Apartments remained upright for 12 years after the apparent decay occurred, the court ruled, the building did not reach a state of collapse between 1999 and 2002, when American Economy provided coverage.
Scorecard: The insurance company did not need to pay for renovations to the apartment complex.
Takeaway: Depending on the state, interpretation of “collapse” can range from a building that has a non-imminent substantial impairment of structural integrity to a building that has actually fallen down.
The Sport of Stealing
From coast to coast and from small towns to major metroplexes, fraud and embezzlement are striking American youth sports leagues.
Since 2011, the Center for Fraud Prevention (CFP), estimates there have been hundreds of arrests and convictions in 43 states involving 15 sports.
About $2 million was stolen or embezzled from 37 youth baseball entities alone since 2009, according to an article in Vice Sports.
What makes these organizations uniquely vulnerable to crime?
The CFP, which helps youth sports associations fight theft and embezzlement, said there are several key factors: Community members working with the leagues are volunteers, many organizations lack formal oversight structures and there is a tendency to trust those who give their time to run youth sports associations.
And with the flow of cash from membership fees to fund-raising events, theft is often inevitable.
The good news is that coverages are available to deal with losses, according to John M. Sadler, president of Sadler Sports and Recreation Insurance, in Columbia, S.C., which works with more than 9,500 local and 30 national sports organizations through various special programs.
“Crime insurance is the most important coverage for an amateur sports league to protect against internal theft, which may take the form of embezzlement from bank accounts, unauthorized personal charges on credit cards, theft of equipment, and skimming gate admission payments,” he said.
Formerly known as a fidelity bond, crime insurance is typically a “modular policy” consisting of employee dishonesty, forgery and alteration, and theft of money and securities. The coverage can also include computer fraud and electronic funds transfer fraud, he said.
“The employee dishonesty coverage part is most applicable to internal theft,” Sadler said.
Dario J. Nalli, director, executive lines, Burns & Wilcox, said amateur sports leagues should also consider purchasing directors and officers (D&O) coverage, in addition to a commercial crime policy.
Commercial crime insurance protects the entity of theft by employees of either money or property, including forgery of checks for their own purposes or misuse of a company credit card to purchase personal gifts, he said.
“For any of these organizations, having a commercial crime policy would be key,” Nalli said, noting that it can be pretty inexpensive, with limits offered as low as $100,000. Smaller organizations that need smaller limits may opt for a business owners policy (BOP) with additional endorsements for crime and employment practices liability coverage.
D&O insurance, of course, protects an organization’s management should a theft or embezzlement happen.
“If there are no checks and balances, it makes it easy to write fraudulent checks.” — Dario J. Nalli, director, executive lines, Burns & Wilcox
“No matter the type of organization, if you sit on a board or have management responsibility, you could be liable for decisions made in that role,” he said.
That means a member of the board for a school or athletics organization is responsible for the organization’s assets and funds, and can be accused of mismanagement and potentially face liability should a theft occur.
“Whether or not the claim has any grounds, the individual and organization would still have to defend themselves in court,” Nalli said. “D&O polices provide the much needed defense cost coverage that can bail out a nonprofit organization from using their own assets or an individual from using their own assets.”
If a youth sports treasurer, for example, stole money over the course of years from an organization, a D&O policy would cover defense costs for those in management roles who were unaware of the theft while a the commercial crime policy would cover the stolen funds.
Leagues should also consider policies that would provide coverage for volunteers; non-compensated officers; specified directors, trustees and committee members; partners; and service providers, he said.
Because sports leagues have high turnover, Sadler said blanket employee coverage might be better than specifically naming insureds.
To prevent such incidents from occurring, however, Sadler said amateur sports organizations should:
- Create a separation of duties so that no single person has control over any one process or audit procedure.
- Understand that organizations run by a close group of long-time staff members who have built up a great deal of trust among one another are fertile grounds for insider theft.
- Require a counter-signature on all checks or on checks over a certain amount.
- The person who reconciles the bank account should not be authorized to deposit or withdraw.
- If credit cards or debit cards are used, authorized users should not be tasked with reviewing the monthly statements (another officer should take over these duties).
- Keep detailed inventory records of all equipment and require a log to be maintained when equipment is assigned or checked out.
- Create an audit committee to review all financial records, account statements, and to take an inventory of all equipment.
- Collect checks instead of cash during fund-raisers.
Burns & Wilcox’s Nalli said it’s critical to ensure that the right policies and procedures are in place, with checks and balances to mitigate any theft from employees or volunteers in the organization.
“If there are no checks and balances, it makes it easy to write fraudulent checks,” he said. “Make sure all policies are written down and become part of the bylaws.”
Also, since many amateur sports leagues are volunteer-based, it’s smart to ensure that they are not able to have access to or handle cash, he said.
“If there are employees, it’s a good idea to do background checks on anyone handling money,” Nalli said.
“Also, larger organizations should seek legal counsel to make sure bylaws and policies and procedures are well-written.”
Hot Hacks That Leave You Cold
Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.
“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”
Phishing Out Fraud
According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.
“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”
According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”
On the flip side, behavior also helps determine the best course of action to prevent phishing.
“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”
Lee stressed that phishing can affect employees at all levels.
“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”
Locking Down Ransomware
Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.
“These events are happening, and businesses aren’t reporting them,” Lee said.
In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.
After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.
Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.
“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”
And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”
The Future of Cyber Liability
According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”
“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”
About Nationwide’s Cyber Solutions
Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.
Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.