Rethink the need for D&O

For many private companies and nonprofits the cost of defending and settling an uninsured lawsuit could significantly impair or destroy the entity itself. This isn’t news. But spending a little more premium to package directors and officers liability (D&O) insurance onto your employment practices liability coverage could turn out to be one the most important assets for your organization.

Many people think that by being a smaller private, nonprofit and/or family run business, there is no potential for a D&O claim to occur. However, this unfortunately is not the case, says Dereck M. Malzi, area assistant vice president at Arthur J. Gallagher & Co. Regardless of the talent or strength of the organization or its management, even frivolous lawsuits can occur and the costs to defend them are on the rise. Even if your organization doesn’t have a large board, the coverage may kick in for any individual who is acting in the capacity of a director or officer.

“There’s a reason why some board members won’t agree to join your organization without D&O coverage,” Malzi says.

Smart Business spoke with Malzi about the importance of D&O and why spending a little more may be worth it to your organization.

What are some examples of claims scenarios where D&O could come into play?

Let’s say the vice president of a manufacturer determines that diversifying into a different product line presents tremendous sales potential for his company. Instead of presenting that opportunity to his employer, the VP shares his idea with his brother who forms a new company to produce that product. On behalf of the company, a shareholder might sue the VP, alleging that he wrongfully took advantage of an opportunity belonging to the corporation.

Another example would be if investors file a $5 million derivative lawsuit alleging breach of fiduciary duty. They might claim some of the officers had personal connections to a third-party contractor hired to re-tool the assembly line, so the contractor wasn’t hired to further the interests of the company. The suit could allege that other officers and directors breached their duty of care by undertaking the project without properly investigating the qualifications of the contractor.

Another scenario could involve misuse of funds. A state attorney general might sue a charitable foundation, alleging the trustees were excessively compensated and devoted insufficient time and resources to support the foundation’s intended purpose.

In all three of these examples, the settlements and attorney’s fees could run to several million dollars, which would put a significant strain on almost any organization.

How does fiduciary liability insurance differ from D&O?

D&O and fiduciary are typically bundled together, but D&O provides coverage for mismanagement, conflicts of interest, unwarranted compensation, failure to fulfill the organization’s mission, etc. Fiduciary liability insurance is specially designed to protect against claims alleging violations of the Employee Retirement Income Security Act of 1974.

What types of D&O insurance are available?

D&O insurance has three sides to it:

  • ■ Side A, ‘non-indemnified individuals’ — This provides coverage for individual directors and officers on claims that are not indemnified by the corporation, usually since it is either not legally permissible to indemnify or there are no funds to indemnify. Generally, Side A coverage has no deductible.
  • Side B, ‘indemnified individuals’ — This provides coverage reimbursement on claims against individuals who are indemnified by the corporation.
  • Side C, ‘entity coverage’ — This provides coverage to an organization for claims made against it, and separate and apart from claims made the directors and officers.

This information is the tip of the iceberg on the subject. Make sure you speak with a D&O insurance expert before you decide to pass on this protection for you and your company.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Reduce costs and realize tax benefits through a captive insurance program

A “captive” is an insurance company that has some common ownership or management with each of its insured companies, meaning that it only insures the risks of its affiliated companies. Its specific form is dictated by the risks, needs and goals of the companies that it insures.

“Captive programs enable companies to take control of their risk financing,” says Andrew Seger, general counsel at Imprise Financial. “The arrangement also reduces some third-party insurance expenses while adding tax efficiencies. It’s clear why many small and midsize companies are getting into it — flexibility, control, expense reduction and tax benefits.”

These programs have been around for decades, but until recently they were only feasible for Fortune 500 companies because of the resources necessary to setup and manage them. Captive managers have since evolved, creating efficiencies that make it feasible for smaller companies. As it stands today, captive programs can be cost-effective for most any size business.

“Any company, regardless of size, type or industry, should look into captive insurance programs,” he says. “Otherwise, they could be missing out on an opportunity to leverage its features to get more competitive.”

Smart Business spoke with Seger about captive programs, how they’re structured and what makes a good candidate.

In what ways can captive insurance programs lower costs for companies?
Company owners and managers are in the best position to assess the risk profile of their companies. Captive programs enable them to select the risks they want to retain and which they’d prefer to transfer to an insurance company. This drives down outside insurance expenses.

By reducing payments to insurance companies and instead funding the captive program, the money accrues to the benefit of the owners and managers, creating investment income in a tax-preferred manner while reducing costs.

Who are the better candidates for captive insurance programs?
It comes down to what uninsured and self -insured risk the company has, how much money it spends on insurance and whether the company has a good claims history. If the company is spending six figures on a policy, but hasn’t had a claim in 10 years, it could easily retain that risk in a captive program.

Another factor is cash flow. Good candidates should be financially healthy with cash coming in — not necessarily high net income and high revenue, but recurring, reliable cash flow.

What should companies know about the program’s administrative responsibilities?
Most smaller and midsize companies hire a captive administrator to run the program. One of their functions is to navigate the regulations and compliance issues. A good captive manager takes a turnkey approach to the regulatory responsibilities at an affordable and transparent cost. But they also can be innovative in finding ways to leverage the benefits of the program to achieve the company’s long-term goals.

What tax benefits do captive programs offer companies?
Captive insurance programs can play a role in a company’s tax strategy. Insurance premiums paid by a company to the captive are tax deductible. And since insurance companies are subject to special tax rules, a captive can take deductions for loss reserves, resulting in deferred taxation. Even better, some programs qualify to exclude all insurance profits from taxable income.

The tax advantages of captive insurance are there for a reason. Congress put them in place to help captives accumulate assets quicker so they’re ready to bear the brunt of a catastrophic event. It’s essentially building a war chest to combat risk, but that war chest can be used for other things in the core business as an asset of the captive program.

Even though times have changed, many people still think captive insurance programs are too complicated or their company is not big enough, so they don’t consider them a viable option. These programs have become flexible and efficient, and are worth a closer look to see if they can be a benefit to the company. Some companies find it becomes a very valuable asset, not just for risk financing, but it helps contribute to the company’s long-term success and competitiveness.

Insights Insurance and Risk Management is brought to you by Imprise Financial

As oil and gas picks up, insurance increases should be scrutinized

Drillers, suppliers and others connected to Marcellus Shale are hiring again, says Taylor Troiano, area vice president at Arthur J. Gallagher & Co. One company went from 35 to 69 employees in one month and still needed to hire 20 more.

Locally, Washington County has 1,146 open wells, with additional wells in the counties of Greene (870), Butler (321), Fayette (257) and Westmoreland (251).

“Energy has big swings,” Troiano says. “With the new presidential administration in place in Washington, an upturn is upon us.”

But as revenues go up, workers are hired and equipment is running again, insurance premiums will increase as well. The question for the business owner is: “How can I minimize those premium increases.”

Smart Business spoke with Troiano about what he expects to see with insurance and how energy companies can respond.

How should business owners manage through the rising costs?

First and foremost, safety is ‘huge.’ With workers’ compensation, for example, a service provider with an experience modifier above 1.00 can’t generally perform work for the larger exploration and production, or E&P, companies. Companies that want to hire more employees should have a strict process to ensure they’re hiring and continuously training the best workers.

When it comes to safety and risk, at a minimum, businesses need a certified safety committee that meets monthly. They will receive the 5 percent discount for their efforts, but perhaps more importantly, they will look more attractive to the insurance marketplace and give the insurance broker more leverage for negotiating renewal terms.

Property insurance rates may also increase as energy companies buy up more space and expand their risk profile (e.g., to build and repair their own equipment).

Another area to watch is umbrella coverage. As large energy companies, such as EQT, Range Resources Corp. and Rice Energy, start to contract for more services, subcontractors may be forced to purchase higher limits. Currently many of those requirements call for a $10 million umbrella limit, which could be $20,000 or more of additional upfront cost.

What about automobile rates?

In the first five months of 2017, the energy sector has seen about a 12 percent rate increase on automobile insurance. The National Highway Traffic Safety Administration found a 9 percent increase in fatalities, from 2014-2017, because of distracted driving. In addition, with unemployment low and more people on the road, an uptick in accidents is predicted.

To combat these increases, companies need to hire safe drivers — people without prior issues like DUIs. It’s a good idea to run motor vehicle reports (MVR) internally. If your insurance broker or insurance company does it, you can’t see the details of the report due to confidentiality. Also, be sure to clearly identify criteria for MVR and violations, reporting of accidents, etc. You might want to capture data by location or shift. It’s critical to implement strong policies, such as prohibiting cellphone use, even though state law allows it. Otherwise, make sure company vehicles have hands-free technology.

In addition, you can reward safe drivers so your employees see evidence of your commitment to creating a positive safety culture. Your insurance broker should be sharing best practices with you in this area.

What’s going on with the coal industry?

Experts believe the coal industry will stay steady or start to increase, as well. Even with the need for clean energy, coal is still an important part of the world we live in. Coal powers 35 percent of the world’s electricity and is also used in the industrial sector. With developing countries requiring more electricity for industrialization, this should help the global market. In the U.S., there has been a lot of consolidation.

How else can your insurance broker help?

Only a handful of insurance brokers have expertise in the energy industry within a 100 mile radius, so it’s critical for companies to work closely with the right broker to manage the total risk cost. Finally, as suppliers and drillers look for ways to generate new revenue, your energy insurance broker can help with referrals.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Emerging cyber risks reshape the market in the internet-of-things era

As the internet of things connects machines in complex networks, a new cyber risk is developing — bodily injury or property damage as a result of a cyber breach. Employers and risk managers need to consider the worst-case scenarios of a cyber breach of these systems.

At the same time, insurance companies that write property and general liability policies are starting to push back to avoid picking up this exposure, which may create a gap in your company’s coverage.

Smart Business spoke with Patrick Zedreck, area assistant vice president at Arthur J. Gallagher & Co., about how to mitigate coverage gaps with your cyber risks.

How has this cyber risk developed?

The traditional cyber policy addresses the financial aspects of a breach, such as the cost of notifying individuals of compromised information as well as defending against a lawsuit. It doesn’t, however, extend to covering bodily injury or property damage that result from a breach. For example, the Target Corp. data breach came through a HVAC company that serviced Target stores. While the hacker only took payment card information, that same server could have potentially allowed the hacker to overheat or freeze all of Target’s refrigeration units.

A cyber policy won’t pick up this kind of claim. While a property or general liability policy theoretically covers it, carriers are adding exclusions for cyber-based claims, specifically unauthorized access exclusions for bodily injury and property damage.

What businesses are most vulnerable?

If a manufacturing plant is run on a network, a hacker could overheat a machine and cause property damage or potentially bodily injury. Someone also could hack into a hospital’s network to access patient monitors or the pharmacy. While most hackers focus on financial gain — credit card information or ransom to return the organization’s data — that doesn’t eliminate the motivation of causing damage.

If your company isn’t linked to the internet of things, you don’t run the same risk. But building controls, utilities, etc., are increasingly connected. A refrigerator unit made by a large manufacturer might have a firewall, but the password could be the same for every single unit — and it could be easy for the hacker to determine. Once a hacker determines the password, he or she could theoretically access every unit manufactured.

How should employers cover this exposure?

It’s crucial to sit down with your broker and do a full gap analysis between the property, general liability and cyber policies. You need to be aware of what exclusions are on what policies and make sure there are no significant coverage gaps.

Because the claims information and actuarial data is still dynamic, insurance companies are including exclusions for this risk. Property, general liability and cyber carriers each want this exposure to trigger a policy they didn’t write. Currently, general liability carriers are issuing three types of unauthorized access exclusions. The least restrictive just excludes personal and advertising injury as a result of a breach, which a traditional cyber policy could cover. The other two exclude bodily injury and property damage as well. You’ll want to work with your broker to closely examine the exclusion language.

Going forward, as insurance companies continue to add cyber-based exclusions, some will come out with a policy form that expressly covers bodily injury and property damage resulting from a cyber breach.

It’s also a good idea to review your contracts with suppliers and vendors for cyber liability coverage requirements and standard security protocols.

What else can minimize this risk?

Getting the most advanced security and privacy training is important because employees are the biggest exposure for letting these breaches in — but they can also be the first line of defense. For example, an email may say, “You just booked something for $5,000, click here if you didn’t.” An untrained individual clicks the link, malware or a virus is on the network and the hacker is in. One error can expose an entire company.

Many people don’t realize how connected their systems are. The entire organization — from the CEO to the lowest-ranking employees — needs to work together to keep the company network safe. It doesn’t benefit anyone to experience a breach.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Top risk and insurance concerns when negotiating an acquisition or merger

Typically, risk management and insurance due diligence doesn’t kill a deal. But it can help buyers negotiate a lower price, a larger escrow fund or earn-out, or require a letter of credit for assuming certain risks.

During a potential acquisition or merger, the buyer should give his or her risk adviser access to the data room. That adviser can review the current insurance, loss runs, loss and claims experience, safety and employee policies, contracts and financials.

“Then, we come back with a report telling them what we think — particularly making sure they don’t inherit something that will haunt them later,” says Tony DeRiggi, area vice president at Arthur J. Gallagher & Co.

Smart Business spoke with DeRiggi about a few of the many insurance factors that need to be discussed before you close the deal.

What do buyers need to know about claims-made and occurrence polices?

Most general liability, products liability and umbrella policies are occurrence policies. The coverage trigger for these policies is the date the incident occurred, so buyers don’t have to worry about future claims. Some liability policies — typically directors’ and officers’, errors and omissions, professional liability, environmental/pollution liability and possibly product and completed operations liability — are claims-made policies, which trigger when the lawsuit or demand is received.

To counter this, buyers can require sellers to purchase an extended reporting period ‘tail’ endorsement or add the potential ‘tail’ cost to the negotiations.

Where else can liability policies present challenges?

Your risk adviser should provide an in-depth review of all exclusions. Some will be common and normal; others will be different than your risk appetite or uncommon to your experience. For example, if a pollution claim is reported next year, you don’t want to find out then about an exclusion in the liability policy.

Also, it’s important to know whether the target company has ever purchased a loss-sensitive rating plan as part of its insurance program. This usually applies to workers’ compensation, general liability or automobile liability. For any loss-sensitive policies (i.e. retrospective rating plans, large deductibles, self-insured retentions, fully self-insured programs), the reserves need to be accurate, accounting for all open claims. The acquisition should include a mechanism to cover the claim payments as those claims mature and pay out. If the potential sale is an asset purchase where the buyer doesn’t pick up the seller’s liabilities, this is less of a concern but should still be addressed.

The review should examine the contractual insurance obligations and indemnification clauses found in rental/lease agreements, loan/financial agreements and contracts in general. These agreements typically have minimum insurance requirements and obligations that may differ from the buyer’s current insurance program.

A risk adviser may also do an onsite inspection of the operations. Concerns to be considered include: Do the current safety procedures meet best practices? Do the employees receive harassment training? What are the hiring practices? What are the policies for pre-employment physicals or drug screening? The risk adviser can let you know what you’re in for.

What about property insurance? Does this review work the same as liability?

On the property side, it’s still about exclusions, deductibles, etc., but it’s more straightforward. The review should also consider whether the seller’s locations are in a flood zone, windstorm zone, etc. If the acquisition involves expansion into different or foreign geographic areas, you will need to consider any specific or special risks related to those areas (i.e. earthquake, kidnap, etc.).

What else is important to understand?

After the review is complete, your risk adviser will recommend that you integrate the insurance immediately, at the expiration of the seller’s policy or to let it run separately for a year or two. This last option may be a good idea if pricing and terms are competitive, so that you can wait until you get policies in place to feel more confident about the safety or risk management practices. A number of options exist, the key is to have a good strategy addressing the newly acquired risks — keeping surprises to a minimum.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Tailored coverage — and expert help — mitigate life sciences company risks

Leaders of early-stage life sciences companies often don’t have a business background and may not fully understand the risks inherent to their business. Life sciences companies face many unique risks. Insurance and risk management programs need to address these key risks and the broker must structure the coverage appropriately.

“If the broker doesn’t understand the space and know the key risks, then he or she won’t know to ask the right questions,” says Michael Kearney, area executive vice president at Arthur J. Gallagher & Co.

“One of our primary roles is to advise a company’s leadership about their risks, so they can make decisions with eyes wide open,” says Dereck M. Malzi, area assistant vice president at Arthur J. Gallagher & Co.

He says it’s also important to let them know what their peers are doing, e.g., “most companies are insuring this risk because the cost impact could be substantial if it happens, and the cost of insurance is reasonable.”

Smart Business spoke with Malzi and Kearney about key risk management and insurance for life sciences companies.

What is a risk that life sciences companies often overlook?

Most early-stage biotech companies don’t manufacture their clinical or drug materials. These materials are generally manufactured and tested by third parties. Emerging life sciences companies often assume that their business partners are insuring these materials. And that’s very rarely the case.

If something happens at that facility — a fire, water damage, a freezer quits — it could cost millions to replace the materials. And if the materials aren’t insured, the replacement cost comes from the company’s cash balance.

Once research moves into the human clinical testing phase, life sciences companies should consider a separate policy for their clinical supply chain. This type of policy can cover materials during shipment and while at manufacturing and storage locations. In one recent instance, after Gallagher’s life sciences team identified this uncovered risk, coverage was placed for the client’s off-site materials. Two months later, $800,000 worth of materials were destroyed and the insurance paid to replace them.

Could you provide other examples of risks overlooked by life sciences companies?

One difficult-to-absorb expense is business interruption. For example, sprinklers douse the entire lab, so the Food and Drug Administration shuts it down until it is revalidated. During the interruption, the company’s scientists sit at home but still get paid. Given that developing companies don’t yet have sales, their biggest financial risk in a business interruption event is unproductive payroll. Business interruption insurance can help reimburse for this continuing expense.

Another expensive risk is replacement of a lost research project, in particular if it runs for a longer term. In the event that a company has a six-month project and a fire destroys it five months in, the project will likely need to be rerun from the beginning. R&D restoration insurance can be secured to reimburse this expense.

How else should life sciences companies protect themselves?

Most boards of life sciences companies require director’s and officer’s liability insurance to protect against shareholder and other litigation because personal assets are on the line. Another unique risk comes from conducting clinical trials on humans. Research sites, institutions and partners will require proof of clinical trials liability insurance before the trial can be initiated.

Both of these risks, along with the insurance products that cover them, however, are complicated and require specific expertise. Life sciences companies should ensure that their broker has substantial experience in both of these areas. As an example, a clinical trial site might require $15 million of clinical trials liability insurance; an experienced broker will know that $5 million is more in line with industry standards. In addition, international studies and clinical trials are subject to very specific regulations and insurance requirements. In order to maintain timelines, the right expert can help facilitate this complicated process.

Life sciences companies should align themselves with insurance and risk management partners that focus on the life sciences industry. By doing so, they greatly reduce the risk of uninsured financial losses, improve timeline performance and maximize ROI for investors.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Industry changes mean the right captive manager is even more critical

Single parent captives continue to be a viable risk management option, even though a pending court case may impose new rules for how they can be set up and run.

“There is a court case that is going to impact a segment of the captive industry, but it’s not the only segment,” says Robert Zedreck, area vice president at Arthur J. Gallagher & Co.

Whether case law or legislative changes, the reasons a company will set up a captive is never going to change — a desire to better control its risk by setting up its own insurance company that isn’t dependent on the market. But like many industries, single parent captives are always evolving, so it’s important to surround yourself with people who know the market.

Smart Business spoke with Zedreck about what’s going on with captives and how some companies are successfully using them.

What changes are you noticing in the captive space?

Fortune 500 companies have been using captive insurance companies for years, but that’s now pushing down to the middle market. Good captive candidates are now companies that have more than $30 million in annual revenue, 100-plus employees or an annual insurance spend of over $300,000.

Not only are captives managing traditional insurance risks, they also are being used to manage enterprise risks. This is any risk a business has on its balance sheet, from the deductibles it takes on its commercial or employee benefits insurance to risks that are uninsurable but have annual expenses, things like litigation, regulatory or legislative changes, accounts receivable or commercial policy exclusions.

There also has been more activity in the employee benefits space where prices are skyrocketing. In a captive arrangement, companies are able to either share risk with other top performers as it relates to their employee benefits programs, or set up a captive to smooth the volatility for years where they have more losses than expected.

Are captives the same as self-insurance?

Companies can be self-insured without having a captive. They just haven’t formalized the process and formed an insurance company. For example, if a business has a rainy day fund for balance sheet risk, a captive helps formalize that process, where the captive team helps identify and quantify those exposures. Again, it’s a licensed insurance company that increases credibility and covers a business for severity in an attempt to smooth earnings.

What are best practices for the most successful captives?

It starts with a feasibility study that holistically looks at your risk management program, in order to identify areas that can be better managed via a captive insurance company. The feasibility study helps determine which captive(s) are appropriate for your risk management goals, whether that means forming your own captive or joining an existing one. Your captive manager will work with you to develop a business plan for the formation and ongoing management of your captive.

It’s critical to have the right team to manage, audit and provide legal and tax opinions on your captive insurance company. The captive manager is the quarterback who coordinates these service providers and helps identify the appropriate risks.

Captives are a long-term approach that needs to be well thought out. You need to work with someone who is going to put a lot of time and effort into a feasibility study. You need to work with credible partners, from the manager to the captive actuary to those performing the legal and tax work and audit opinions.

Even with potential industry changes, this is a viable risk management tool. Many companies are still forming new captives; so if your company faces significant exposures, take some time to explore whether a captive insurance company is a better way to control that process.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

In big oil and gas, who is protecting the little guy?

The tri-state area of western Pennsylvania, Ohio and West Virginia continues to be an active participant in energy exploration, dominated by the Marcellus Shale formation. While many embrace the opportunity, risks still come from government regulations, contracts, federal policy or inexperienced crews. Plus, small and midsize oil and gas companies, which support larger parent companies, may have difficulty managing these risks due to their limited resources.

Many health, safety, environment and regulatory managers know that with the limited resources their oil and gas companies have, especially with personnel, they need to lean on their insurance consultants. They are an extra set of eyes for safety and compliance.

Smart Business spoke with Taylor Troiano, area vice president at Arthur J. Gallagher & Co., about what’s going on in the industry.

What is the current safety climate for the energy sector?

When oil and gas exploded onto the scene several years ago, the industry was flooded with prospects, mostly enthusiastic workers seeking employment. The volatile mixture of innovations and inexperienced employees gave safety professionals and operation managers instant problems. While the potential risk of serious injury was real, fortunately very few experienced serious injury.

A company’s most valuable resource for a strong safety program is its employees. An engaged and active employee who believes in safety and risk management creates a safer environment for everyone.

Now, more than ever, it is imperative to have participation and involvement from employees, because an industry upturn could mean another rush of inexperienced workers returning or switching to oil and gas jobs. Many employers build that engagement with monthly safety meetings with a safety committee, which also takes advantage of the 5 percent discount on workers’ compenstation premiums from the state of Pennsylvania. But daily tailgate safety meetings can take that one step further. This is a great way to get employees together to discuss the challenges and risks they face in the field every day.

How do you think the national and local elections will impact the industry?

Employers and industry players have high expectations, and most are encouraged that local energy sources can continue to have a worldwide impact and strengthen our national economy. Positive changes seem realistic, but what the changes will be is yet to be seen.

What risks keep business leaders in oil and gas up at night?

Over the past 18 months, oil and gas companies have dealt with a downturn in the industry, which looks to be on the rise now. But, in this challenging environment, turnover has been a problem. When employers have new employees with less experience, that creates more exposure to safety issues. Companies have also had to ask employees to do more with less, which again, can increase their safety risk.

Many companies are restructuring their policies and personnel programs, while also offering more individual level training to maintain critical skills. One example could be adding a safety bonus for a limited amount of incident and accidents. It not only provides an incentive to help the business keep employees, it creates team unity.

What’s your takeaway about safety and compliance in oil and gas?

Health and safety is a critical area to differentiate in the oil and gas industry because it provides a competitive edge. Operators often use safety records to gauge their relationships with a company, but with so many service companies competing for business, it can be a management nightmare.

Several of the most progressive businesses are using ISNetworld and Avetta to track specific policies, safety records, Occupational Safety and Health Administration compliance, and Environmental Protection Agency and Department of Transportation requirements, but effectively maintaining them requires time, money and close attention. That’s where your risk manager can help.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

New OSHA rules reshape drug testing and filing requirements

New rules, under the Occupational Safety and Health Act (OSHA), will have widespread ripples in the business world this year.

“Big changes are coming to drug-testing policies and the way injuries and illnesses are reported — and there are a lot of nuances that employers need to make sure they are following within the new legislation,” says Josh Daly, ARM, a risk management consultant at Arthur J. Gallagher & Co.

Smart Business spoke with Daly about what these OSHA changes mean for employers.

What are OSHA’s new recordkeeping requirements?

In order to prevent work-related injuries and illnesses, OSHA has for decades required almost all employers keep track of their work injuries and illnesses in an OSHA 300 log. This information was internal and only provided to OSHA in the event of a physical audit or written request. Now, certain employers also must log on to OSHA’s website and submit this recorded information electronically.

The idea is that this will nudge employers into improving workplace safety and health, because the information ultimately will be posted to OSHA’s website. OSHA also plans to use this for its own data analysis, helping it spot trends that need to be addressed, including potential audits with certain employers.

While OSHA claims all personally identifiable information will be removed when the data is posted, employers need to understand they’re creating a permanent record that can be used as a competitive advantage or disadvantage after it’s been publically disclosed.

Who needs to file these electronic submissions?

If your organization has a single physical location with 250 or more employees and has been required to keep records previously, you will have to submit this data.

In addition, if your company has between 20 and 249 employees and you are in what OSHA deems a high-risk industry, you have to submit this data. The term ‘high risk’ applies to more industry classifications than you may think. For example, a variety of grocery stores, department stores, general rental centers, food service distributors, etc., will now be required to post this information.

If you’re already tracking this data and you fall into one of the two required categories, make sure your recordkeeping is in an easily transferable electronic format. It’s also a good idea to spend more time reviewing this data to verify accuracy, before you submit it.

What do employers need to know about the new OSHA rules on drug testing?

Under the new law, OSHA has ruled against mandatory ‘blanket’ post-accident drug screenings for all employers. It believes that employees don’t report legitimate workplace injuries because of these policies, and therefore they are retaliatory.

OSHA’s comments seem to indicate drug testing can be administered when there is a reasonable belief of drug use, such as a motor vehicle or forklift accident. This rule doesn’t apply if you have to drug test for a state or federal guidelines, such as a mandatory post-accident drug test as part of a commercial driver’s license. And you can still continue pre-employment drug testing and random drug testing.

Since enforcement of this law began Dec. 1, 2016, it’s a good idea with this increased scrutiny to remind all your employees — not just senior management — of your organization’s anti-retaliation practices, and document the discussion.

Also, consult your risk management professionals and legal counsel to verify that your internal policies and procedures, including safety incentive programs, are reasonable and in compliance with OSHA’s revised stance on workplace retaliation.

With workplace incidents now requiring independent review, it will be important to set up an efficient assessment process to ensure that the testing that is still allowed is completed in a timely manner.

While these changes won’t significantly alter your existing responsibilities, they increase the risk of a citation and need to be considered as your organization evaluates its risk management programs. For the complete list of changes, visit OSHA’s website.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.

Every business has cyberrisk. What are you doing about yours?

Many employers underestimate their risk of a cyber breach and the overall cost of cyber claims.

Data breaches have increased 23 percent in the last year, according to the Symantec Internet Security Threat Report 20. The average cost of a data breach also is now at $4 million, the Ponemon Institute’s 2016 Cost of Data Breach study found.

“With the rising number of breaches and costs associated with them, cyber insurance should be a key component in every company’s insurance portfolio,” says Angela Corcoran, client service supervisor at Arthur J. Gallagher & Co. “If employers don’t have cyber coverage, now is the time to reach out to their insurance advisers. For those employers who’ve already purchased cyber policies, it is important to ensure that their limits are adequate to cover their risks.”

Smart Business spoke with Corcoran about the latest cyberrisk developments.

What risks can cyber insurance cover?

Every organization has some sort of cyberrisk, even if it isn’t transacting business over the internet. Any entity that interacts with the public or hosts a website has cyber exposure. Any employer that collects even a minimal amount of personally identifiable information is at risk of a privacy liability claim. Additionally, all employers are vulnerable to cyber extortion — a threat of a cyberattack on their website or computer systems in exchange for money.

Cyber policies are designed to insure against these scenarios and more. Most policies provide first-party coverage, which responds to direct losses to the insured, and third-party coverage, which is designed to cover the insured’s liability to others.

Also, cyber policy components provide coverage for things like network security, privacy liability, breach response, media liability, extortion, etc., which can be tailored to fit each employer’s particular risk. For example, retailers or businesses that accepts credit card transactions can buy PCI Assessment coverage that will pick up costs associated with assessments against the company for breaches of Payment Card Data Security Standards. The appropriate limit is partially determined by the number of credit card transactions each year and the company’s PCI compliance level.

How can an employer determine what level of insurance to get?

There’s no magic formula to determine the proper amount of cyber limits. Every business is unique. Employers can reach out to their insurance advisers who should have tools and models that can help drill down to appropriate limits based on their exposures.

What’s happening with the coverage prices?

A year ago, cyber rates were increasing rapidly, due to high-profile data breaches. In the past six months, rates seem to have stabilized; however, expect continued rate fluctuation as claims evolve.

Are there emerging products that employers should watch for in 2017?

Cyber insurance is ever evolving. As cybercriminals get bolder and more sophisticated, new exposures arise, forcing insurers to constantly revise their underwriting and claim handling approach.

A recent addition to some cyber policies is social engineering coverage, sometimes referred to as fraudulent impersonation or cyber deception. Coverage is provided for the deceptive misleading of a company’s employees into releasing funds or confidential information to an illegitimate third party. This can happen when an employee receives a fraudulent email that looks like it’s from the CEO. The email requests funds to be wire transferred to an account, and only afterwards, does the employee realize that the email was a fraud. Social engineering coverage can sometimes be added to crime policies as well as cyber policies. All employers should consider this, as all companies are vulnerable.

What else would you like to share?

Many employers have a false sense of comfort in response plans that have not been adequately tested. It’s a good idea to sit down with senior management, key personnel and insurance advisers for a tabletop exercise, a ‘fire drill’ to simulate the company’s response to cyber claim scenarios. This allows employers to vet their current response plans, identify shortfalls and focus on where changes can be made, in order to strengthen their response to potential cyber claims.

Insights Insurance/Risk Management is brought to you by Arthur J. Gallagher & Co.