Recent Case Highlights Insurance Recovery Strategies and Pitfalls for Commercial PolicyholdersA recent Minnesota coverage decision provides guideposts for a commercial policyholder’s proper handling of an insurance claim as well as a cautionary tale regarding an excess insurer’s attempt to readjudicate liability in a subsequent coverage action.

In RSUI Indemnity Company v. New Horizon Kids Quest, Inc., the commercial policyholder (1) promptly and properly notified its primary insurer and its excess insurer (RSUI)  of a potentially covered claim; (2) involved those insurers in the underlying defense strategy; and (3) stipulated to liability in a manner that avoided a potentially applicable exclusion (and with the insurers’ consent). Nevertheless, after the verdict, the excess insurer attempted to readjudicate liability in a coverage action by arguing that an exclusion applied. The court, in a thoughtful decision, rejected the excess insurer’s arguments and granted summary judgment to the policyholder.

The Underlying Case

In the underlying case, a child’s parents sued the policyholder alleging that their 3-year-old son was physically and sexually assaulted by a 9-year-old child while both were under the policyholder’s care, custody, and control. In consultation with both the primary insurance insurer and the excess insurer, the policyholder did not contest liability, conceded that an “assault” occurred, but disputed the “nature, type, and extent of” the injuries sustained by the minor child.  The jury awarded $13 million in damages against the policyholder (later reduced to $6 million after a second trial), but did not determine whether a “sexual assault” occurred because it was not asked to do so. After the jury award in the underlying case, the excess insurer filed a coverage action seeking to avoid paying the excess verdict by invoking a sexual abuse exclusion.

The Coverage Litigation

In the coverage litigation, the court determined that although the jury was presented with evidence of sexual assault in the underlying case, the presentation of evidence alone was insufficient to support the excess insurer’s exclusion defense because the jury was not asked to determine whether a sexual assault occurred. The court explained, “With no insights into the jury’s method of awarding damages, and no effort by anyone—including RSUI—to ask the jury to parcel out its award, any conclusion at this stage that same or all of the damages arose from sexual abuse—whether by the undersigned or a new jury—would constitute pure and unfettered speculation.”  Additionally, the court noted that the excess insurer participated in both trials in the underlying litigation (more substantially in the second trial) and consented to the policyholder’s admission of liability.

Guideposts and Warnings for Commercial Policyholders

Promptly and Properly Notify All Insurers Potentially on the Risk

Providing prompt notice to all insurers on the risk, including excess insurers that may be impacted by a judgment or settlement, can avert unnecessary coverage litigation or at least place the policyholder in a better position if coverage litigation later ensues. In this case, the policyholder promptly and properly notified both its primary insurer and its excess insurer, thus avoiding a preemptive challenge to coverage based on late notice or failure to comply with applicable notice provisions. Although not apparent from the court’s decision, providing prompt notice better positioned the policyholder in the later coverage litigation as well by focusing the insured on its insurance coverage as it formulated its defense to the lawsuit. In addition, an insurer’s failure to assert certain defenses or, conversely, its participation and endorsement of particular defense strategies, may estop the insurer from raising particular defenses in a subsequent coverage litigation, as occurred in this case.

Mitigate Risks Arising from Different Defenses Asserted by Excess Insurers

As this case demonstrates, primary and excess insurers may take different coverage positions, even when the excess policy follows form or incorporates language similar to the primary policy. This decision does not reveal whether the excess policy followed form or included a different exclusion.  If the former, the excess insurer adopted a coverage position different than the primary insurer based on similar policy language. A primary insurer with the duty to defend must support defense strategies that are in the policyholder’s best interest even if those defenses are detrimental to the insurer’s potential coverage defenses. This conflict – which must be resolved in favor of the policyholder where the duty to defend is concerned ­– may preclude the primary insurer from asserting certain exclusions that require a liability determination. In contrast, an excess insurer with no defense obligation may not face the same conflict of interest and therefore may be better positioned to assert certain coverage defenses not available to the primary insurer bearing the defense obligation.

A savvy policyholder can mitigate certain excess insurer coverage defenses by involving the excess carrier in the defense of the underlying claim (or providing an opportunity for the excess carrier to decline to be involved). In this case, the policyholder promptly notified the excess insurer, consulted the excess insurer during the underlying litigation, and obtained the excess insurer’s approval of the admission of liability – critical facts that the court relied on when ruling in favor of coverage. By involving the excess insurer, the policyholder preserved coverage under both policies. Policyholders should be aware that different insurers may take different coverage positions – even on the same policy language – and take steps to mitigate that risk, as did the policyholder in this case.

Coordinate Defense and Insurance Recovery Strategies

Commercial policyholders can minimize uninsured losses by coordinating defense and insurance recovery strategies. While an insurance recovery strategy should not drive the defense of an underlying claim, coordination of the best available defenses to the underlying case with available insurance recovery strategies can minimize a commercial policyholder’s ultimate exposure. In this case, the policyholder coordinated its defense and insurance recovery strategies by admitting liability but disputing damages. This approach is an important strategic option available for policyholders seeking to maximize insurance recovery in litigation that involves both covered and uncovered claims. Admitting liability to avoid an unfavorable jury finding on an uncovered claim can help preserve insurance coverage for the entire liability. While asserting a strong liability defense for the uncovered claim or settling the entire matter may be a preferable option when available, an admission of liability can be an effective risk mitigation strategy. In a minority of cases, policyholders may adopt defense strategies that maximize insurance recovery at the expense of the underlying defense. To minimize liability and maximize insurance recovery, policyholders should carefully consider the risks and rewards of available insurance recovery strategies early in the defense of the underlying litigation (if not before).

Follow Form Coverage Does Not Always Follow Form

This case also highlights the discrepancies that can sometimes arise between different layers of insurance. Although the primary insurer defended under a reservation of rights and subsequently paid its share of the judgment, the excess insurer disputed coverage based on the sexual assault exclusion. The court’s decision does not specify whether the primary insurance policy included a sexual assault exclusion, but does note that the primary insurer defended under a reservation of rights. Assuming that the primary policy did not incorporate a sexual assault exclusion, the policyholder could have avoided the coverage with its excess insurer by ensuring that its excess policy followed the primary policy form without any additional exclusions. Although there are exceptions to every rule, policyholders rarely benefit from excess coverage that is more restrictive than their primary coverage. Commercial policyholders should carefully review their coverage towers to ensure that their insurance protection is coordinated across the primary and excess layers.

Past Insurer Cooperation Does Not Guarantee an Insurance Recovery

Finally, an insurer’s cooperation in the defense of an underlying claim does not preclude that insurer from later disputing coverage, especially when the insurer issues a reservation of rights letter. Disputes can arise despite an ongoing business relationship between the policyholder and the insurer. In this case, the excess insurer received prompt and proper notice of the claim, monitored the litigation through the first trial, consented to a defense strategy, actively participated in the defense of the second trial, and then denied coverage only after the second trial. These events underscore the need to proceed carefully when seeking insurance coverage. The outcome in this case may not have been the same if the policyholder had not complied with its notice obligations and involved the excess insurer in the underlying case.

Blockchain: The Policyholder Plan for Smart Insurance PoliciesInsurers’ exploration of distributed ledger technology (DLT), commonly referred to as blockchain, continues to expand. Last month, AIG announced a partnership with IBM and Standard Chartered Bank P.L.C. to test a “smart contract” insurance policy. The Blockchain Insurance Industry Initiative, B3I, formed last year, recently expanded to 16 members, including Munich Reinsurance Co. and Swiss Re Ltd., as well as Aegon N.V., Allianz S.E., Assicurazioni Generali S.p.A., Hannover Re S.E., Liberty Mutual Insurance Co., XL Catlin, and Zurich Insurance Group Ltd.

Industry analysts suggest that insurers can use DLT in reinsurance contracts, wholesale insurance products, claims management, reserve calculation, automated notice of claims and losses, evolving underwriting models, and fraud detection. DLT could increase administrative efficiency and reduce administrative overhead, improve underwriting accuracy and claims management efficiency, and provide access to new insurance markets.

These benefits, if realized, could substantially increase insurance company profitability. DLT could profoundly impact the bottom line of early-adopter insurance companies, even if those companies only touch the surface of DLT’s potential uses.

DLT’s emergence poses both opportunity and risk for policyholders. Savvy policyholders should:

  • Plan for potential claims automation.
  • Assess the future value of source-level data for risk assessment.
  • Develop strategies for controlling access to risk assessment data to maximize coverage benefits.

How Does DLT Benefit the Insurance Industry?

At its most fundamental, DLT is a customizable peer-to-peer digital ledger. DLT allows users to efficiently share information at a previously agreed upon level of automation. Before implementation, users agree on DLT’s key features, such as information sources, transfer methods, triggering events for information or payment transfer, and rules for recordkeeping on the ledger.

DLT allows users to add or remove functionality based on their needs. Insurers may not require immutability (a key characteristic of the bitcoin blockchain) in which past entries, once added to the ledger, cannot be changed. Ever. Period.

Bitcoin requires immutability to operate as a currency. Without it, users could spend the same bitcoin more than once, much like forwarding an email. In contrast, a permissioned blockchain privately operated between a group of insurers and reinsurers may not require immutability.

Insurers may customize DLT to use an “oracle” to trigger a blockchain event. An oracle is a mutually agreed on source of data (usually from a trusted third party). For example, a “smart” property policy could use National Earthquake Information Center (NEIC) data as an automated trigger to invoke or ignore an earthquake exclusion in a property loss claim. Similarly, a property policy could use a fire alarm as an automated trigger for notice of a fire-related insurance claim.

While DLT’s insurance applications are still in their infancy, insurers will likely customize their DLT applications to accomplish four goals:

  1. Efficiently gather and store information from policyholders (for both applications and claims).
  2. Automate portions of claims management.
  3. Automate and improve recordkeeping and data access.
  4. Share necessary information with reinsurers.

By customizing DLT, insurers hope to improve risk assessment, reduce overhead, and improve reinsurance outcomes by laying off appropriate levels of risk. The primary benefits to insurers are improved data gathering, data utilization, and operational efficiency, each of which should translate into better earnings or lower expenses.

How Does DLT Impact Policyholders?

DLT will likely impact policyholders through claim automation and data commodification. Policyholders should properly plan and negotiate placement of “smart” insurance policies to minimize the adverse impacts of both automation and commodification.

Policyholders Should Carefully Consider the Impact of Claims Automation

Implementation of claims automation without proper policyholder controls in place could wrest critical decisions from policyholders:

  • Should we submit this claim given current business conditions?
  • How should we describe the underlying event?
  • When did the operative event actually occur?
  • Does an exclusion potentially bar coverage?

Under the existing claims paradigm, policyholders can assess an event, determine the best strategy to manage and report the claim (in strict compliance with the policy’s notice requirements), and present the claim in a manner that maximizes the potential coverage available while accurately depicting the triggering event. This reporting process can range from simple and formulaic for some types of more routine claims to complex and customized for unique or substantial claims.

Negotiating automated triggers for reporting certain claim information and processing claim information necessarily removes an element of policyholder control from claims reporting. While automated processing could provide benefits (for example, automated claims notice mitigates the potential of a claim being denied for late notice), presenting certain information without context could increase the risk of a claim denial for other reasons.

For example, consider a cyberinsurance claims oracle that uses a mutually agreed upon set of network events to detect a distributed denial of service attack (DDoS) (a flood of requests to a particular network impacting the policyholder’s consumer web portal causing loss of sales and potentially leading to a business interruption claim).  While automated reporting may benefit insureds, both philosophical risk management questions and technical questions about the oracle framework could impact claims management using automated DDoS reporting.

From a philosophical perspective, should the policyholder report every DDoS event, even if the ultimate business interruption may not cause a covered loss (either because the DDoS event did not actually impact aggregate sales or the lost sales did not exceed the deductible)?  If this reporting is done, what information should be sent as part of the automated process? Should the notice be limited to the fact of the DDoS event or should it include additional network information that may be relevant to the insurance company’s investigation of the potential claim? Should the notification trigger a delayed sales impact report at a specific time following the DDoS event? May the insurer rely on notification of a DDoS event in subsequent renewal and premium decisions even if the event did not result in a claim? And perhaps most importantly, what benefit do policyholders obtain in exchange for this automated reporting system that they could not obtain at a less institutional cost than automated reporting?

From a technical perspective, the traffic monitoring protocol that detects a DDoS event and automatically reports the claim should report the event when the network speed is sufficiently impacted to cause the loss of sales while minimizing false positives due to higher than normal usage rates.  Policyholders should negotiate these technical details ahead of time to limit their adverse impact on the subsequent administration of a claim.

Policyholders Should Control Data Commodification

Adopting DLT applications could allow insurers to gather, store, and analyze policyholder data to a far greater degree than they currently do. Insurers already obtain a significant amount of data from their policyholders over the course of what is often a multiyear, collaborative business relationship. The development of DLT applications combined with the proliferation of always-on, always-connected devices (the Internet of Things or IoT) could substantially increase the depth and scope of the data that insurance companies obtain from their policyholders.

Insurance is and always has been a data-driven enterprise, but even modern insurance frameworks require substantial manual data entry and duplication of effort across departments. Despite the substantial information that insurance companies obtain from their policyholders, much of the analytic value of this data is currently lost to this administrative inefficiency.

With proper data management protocols and access to new and better sources of data from the IoT, insurers will have access to unparalleled databases to refine and improve their underwriting and risk assessment models. While improving risk assessment could benefit some policyholders in the form of reduced premiums, policyholders should carefully consider the type of data shared with insurers, the format of the shared data, and when that data is shared. Policyholders who negotiate restricted access to source data and instead present analytical results during renewal may obtain lower premiums than those companies that simply allow insurers continuous access to source-level data from key sources.

For example, consider commercial auto insurance. Insurers calculate premium rates based on several factors, including the type and amount of automobiles in the fleet, the number of authorized users, the location of automobiles, the usage of those automobiles, and the level of desired coverage.

With the advent of DLT, insurers could supplement this basic underwriting information with automatically reported driving monitoring data and offer dynamic premium pricing based on daily fleet usage. A sophisticated commercial policyholder might obtain lower premiums by using the same devices, gathering and analyzing the data itself, and reporting previously agreed-upon outputs to its insurer, rather than allowing the insurer access to the source-level driving data.

Even if the policyholder permits its insurer to access the source data, the policyholder should consider restrictions on the storage and use of that data. For example, may the underwriter use some or all of that driving data during renewal?

Driving is simply one example of DLT in action (and perhaps not even a long-lived example given the advent of autonomous vehicles). The IoT could make similar data reporting and analysis available for large portions of commercial and industrial systems. The commercial value of this data cannot be understated.

DLT applications allow insurers to more efficiently gather and store data for later use, but policyholders should control the type and form of data shared with the insurer before trading terabytes of data for the promise of reduced premiums.

 

Keep Viking Pump in Your Long-Tail Claim Toolbox “Long-tail” claims involve personal injury or property damage from alleged exposure to injury-causing products, such as asbestos or PFCs, over a number of years and multiple policy periods. Courts in various jurisdictions use different methods to identify the insurance policies applicable to these long-tail claims. One of the most important coverage cases of 2016 demonstrates that policyholders engaged in allocation disputes with insurers may succeed in securing “all sums” allocation even in so-called pro rata states.

The “all sums” method of allocation permits recovery of up to the limits of liability under any policy in effect during the periods when personal injury or property damage occurred. (The all sums method derives its name from the standard insuring clause promising to pay all sums above the self-insured retention “the insured shall become legally obligated to pay …”)

The “pro rata” method of allocation, on the other hand, limits each insurer’s liability to its pro rata share of the total loss incurred. Jurisdictions differ as to allocation for years with missing policies or policies issued by insolvent insurers. Certain jurisdictions allocate these years to the policyholder; others do not.

In the Matter of Viking Pump, Inc., 52 N.E. 3d 1144 (N.Y. 2016), New York’s highest court held that the policy language rather than a blanket rule determines whether the all sums or pro rata method of allocation is appropriate. This ruling sent shockwaves through the insurance industry because in 2002 the court had applied (and appeared to have adopted) the pro rata method.

The court held that the all sums method applied to allocate the excess insurers’ liability for asbestos-related losses in Viking Pump because the “non-cumulation” clause and “continuing coverage” clause in the followed primary policy was inconsistent with the pro rata method.

The non-cumulation clause in the policy (also known as a “prior insurance” clause) was substantially identical to the clause that first appeared in the London Market in 1960 to prevent policyholders from recovering under both a then-standard “accident-based” liability policy, as well as a subsequent now-standard “occurrence-based” policy. (Ironically, according to law professor Christopher French in an article cited by the court, some insurers have over the years attempted to expand non-cumulation clauses to eliminate their liability for long-tail claims altogether.) The continuing coverage clause extends coverage for continuing injuries after the policy period ends.

The Viking Pump court observed that pro rata allocation is based on policy language limiting liability to only those losses occurring during a particular policy period. In other words, “no two insurance policies, unless containing overlapping or concurrent policy periods, would indemnify the same loss or occurrence.” The presence of the non-cumulation and continuing coverage provisions, the court said, does not square with that principle. Those provisions “plainly contemplate that multiple successive insurance policies can indemnify insureds for the same loss or occurrence by acknowledging that a covered loss or occurrence may also be covered in whole or in part under any other excess policy.”

The court also held that “vertical exhaustion” is appropriate when an all sums allocation is applicable. This permits the policyholder to exhaust the layers of coverage in a specific policy year. (“Horizontal exhaustion” requires all applicable primary and umbrella excess layers to be exhausted before triggering any additional excess insurance.)

This week in Olin Corporation v. OneBeacon American Insurance Co., the Second Circuit extended Viking Pump, holding that once a layer is exhausted, the presence of a prior insurance clause reduces the limits of any applicable prior policies, whether or not the same insurers issued the prior policies.

The likely influence of Viking Pump cannot be overstated. This seminal case will be considered by courts around the country when called upon to decide allocation issues and should be included in the policyholder’s long-tail claim toolbox.

webinarBradley’s Policyholder Insurance Group is pleased to present “Flood Insurance for Lenders: ABCs of Flood Insurance Compliance” as part of our ongoing Policyholder Insurance Webinar Series.

This webinar will feature detailed information about flood insurance compliance presented by Bradley attorneys Katherine J. Henry and Heather Howell Wright.

When: Thursday, June 22, 2017, 11:30AM – 12:30PM CST

Where: Webinar Registration

What: Before a federally regulated lender makes a loan secured by real property, the lender must determine whether any structures on the real property are located in a special flood hazard area (SFHA) where flood insurance is available under the National Flood Insurance Program. Flood insurance is required if a lender takes a security interest in improved real estate that is located in an SFHA.This webinar will discuss the basic flood insurance compliance requirements applicable to lenders and servicers of residential and commercial loans. Topics discussed will include identifying the right amount of coverage, determining insurable value, force-placing flood insurance, escrow of flood insurance premiums under recent final rule making, and potential enforcement actions for failure to comply with these requirements.

We look forward to seeing you there!

Upcoming webinars in the Policyholder Insurance Webinar Series:

  • Thursday, September 28: Securing and Insuring the Internet of Things
  • Thursday, October 19: What Blockchain Means for Your Insurance
  • Thursday, November 9: Is That Drone Insured?

erosionA recent Fifth Circuit case highlights the potential risks of purchasing a defense-within-limits policy: If an insurer is obligated to hire independent counsel due to a conflict of interest, that counsel’s fees may erode your policy limits.

When an insurer accepts coverage of a liability claim, the insurer typically has the right to choose counsel to defend the policyholder as well as to control the defense. When an insurer defends under a reservation of rights, however, a conflict of interest arises between insurer and policyholder. Many states obligate the insurer in this situation to pay for independent defense counsel selected by the policyholder to obviate the conflict. For example, in Mississippi, a policyholder’s right to independent counsel paid by the insurer is known as the “Moeller” rule.

The Fifth Circuit recently decided just how far the rule extends. In Federal Insurance Co. v. Singing River Health Systems, the insurer agreed to defend a public hospital system, Singing River Health System (SRHS), and various officers, under a reservation of rights in multiple lawsuits stemming from alleged underfunding of a pension plan. The policy and policy application clearly stated that defense costs would erode the limits of liability. SRHS nevertheless argued that defense costs paid under Moeller should not erode the policy limits.

The policy defined covered “loss” to include defense costs that SRHS was “legally obligated to pay.” Because the insurer, not SHRS, is “legally obligated to pay” for Moeller counsel, SRHS reasoned that such costs should fall outside the limits. The federal district court agreed, holding that at a minimum, the phrase “legally obligated to pay” was ambiguous and should be construed in favor of SRHS.

During oral argument before the Fifth Circuit, the insurer reported that it had expended over $3 million in defense costs on a policy with $1 million limits.

The panel held that the district court’s ruling pushed the Moeller rule too far. The court cited a more recent Mississippi Supreme Court decision holding that the policyholder must meet the policy’s deductible requirement before the insurer’s Moeller obligation is triggered. The Fifth Circuit held that the insurer’s duty to pay for independent defense counsel is similarly subject to the terms of the policy, including the policy limits. The court also rejected SRHS’s public policy arguments against enforcement of the defense‑within-limits provision.

At oral argument, one of the judges quipped that perhaps SRHS underfunded its insurance coverage. While not apropos from a legal perspective, as a practical matter it is a valid point. SRHS had the option to purchase a separate limit of liability for defense costs and chose not to do so. However, even if there had been a separate limit, defense costs were triple the policy limit with the underlying litigation still ongoing. Failure to realistically assess risks and secure sufficient insurance coverage for those risks can be the ultimate peril.

RIMS 2017: Risk Revolution is less than two weeks away… are you going? Bradley’s Policyholder Insurance Coverage team is!

When: April 23-26, 2017

Where: Philadelphia, PA

What: Visit us at Booth 2734 (map of exhibit floor) to meet some of Bradley’s coverage attorneys and learn about key issues facing policyholders in today’s complicated insurance landscape. We look forward to seeing you at RIMS 2017.

For more information about the event visit the RIMS 2017 website.

webinarBradley’s Policyholder Insurance Group is pleased to present “Navigating Your Cyber Liability Policy” as part of our ongoing Insurance Policyholder Webinar Series.

This webinar will feature detailed information about cyber insurance presented by Bradley attorneys Katherine J. Henry and Emily M. Ruzic.

When: Thursday, April 13, 2017, 11:30AM – 12:30PM CST

Where: Webinar Registration

What: Does it pay to be covered for cyber liability? For many companies, the answer is an unqualified “yes.” During this webinar, you will learn about the types of cyber insurance coverage available in the insurance market today, including coverage for business interruption and cyber extortion, as well as pre- and post-loss services included in cyber policies. This webinar will provide the tools necessary to evaluate whether your company would benefit from cyber insurance, an increasingly important part of corporate insurance programs.

We look forward to seeing you there!

Upcoming webinars in the Insurance Policyholder Webinar Series:

  • Thursday, June 22: Finance Insurance
  • Thursday, September 28: Securing and Insuring the Internet of Things
  • Thursday, October 19: What Blockchain Means for Your Insurance
  • Thursday, November 9: Is That Drone Insured?

litigation lunch and learnBradley’s Policyholder Insurance Group is pleased present “It Pays to be Covered: Business Interruption and Contingent Business Interruption Coverage” as part of Bradley’s ongoing Litigation Lunch & Learn Series.

This presentation will feature a detailed discussion between Katherine J. Henry, Chair of Bradley’s Policyholder Insurance Group, William Dodson, Senior Vice President at Arthur J. Gallagher & Co., and Matthew R. Loughman, an Underwriting Officer at Travelers.

When: Wednesday, March 22, 2017, 11:30 am – 1:00 pm CT

Where: Bradley Arant Boult Cummings LLP

One Federal Place, 1819 5th Avenue, North, Birmingham, AL 35203

What: In today’s interconnected world, almost no business is entirely self-sufficient. Businesses of all types alike rely on “just-in-time” supplies of critical goods and materials to produce and sell goods rather than maintain costly warehouses. When tomorrow’s product depends on today’s delivery, even the smallest disruption in your supply chain can cause substantial losses. Similarly, if a significant customer suffers property damage and needs to shut down its operations, the resulting losses can lead to significant losses, including excess inventory, cancelled orders, and skyrocketing expense ratios. More directly, a necessary interruption of your own operations arising from property damage can lead to cascading losses. Business interruption and contingent business interruption insurance can provide coverage for these risks, but you need to be aware of the particular nuances of this type of specialized insurance to maximize your protection while minimizing premium costs. Join us for a discussion of the intricacies of business interruption and contingent business interruption insurance to learn how to best protect your company from these risks.

To register and attend the event, click here to register.

We look forward to seeing you there!

self driving carIf you weren’t already convinced, this Drive.ai video of a self-driving system demonstrating an extended drive, at night, in rainy conditions, without human intervention, shows how close we may be as a society in which human driving is a luxury activity.

Drive.ai is far from the only company developing and testing AV systems. Waymo, Alphabet’s AV subsidiary, logged more than 635,000 autonomous miles driven on California public roads in 2016 (all other competitors combined logged 20,286 autonomous miles in California). Recently, Ford announced plans to develop a Society of Engineers (SAE) Level 4 AV (no steering wheel, accelerator, or brake pedal) for use in a commercial application (such as ride-hailing of package delivery) by 2021. General Motors, which, along with Ford, strongly supported legislation to allow AV testing and deployment in Michigan beginning this March announced that it will begin production of its AV line early this year. Tesla’s Autopilot option, an advanced driver-assist feature that Tesla describes as offering “full self‑driving capability” but requires driver monitoring has logged over 200 million miles since it was released in 2015.  Tesla estimates that fully autonomous driving could be technically feasible in two years, even if the regulatory framework is not developed enough to allow fully AV yet.

The Regulatory Hurdle

With major industry players fully engaged, Tesla predicts that AV will be technically feasible for a wide-scale deployment in two years.  The adoption of AV regulations in all fifty states may take several years, but, given the potential increases in safety (an estimated 90% of accidents are caused by human error) and the substantial backing of the auto industry, implementing the regulatory framework is likely only a matter of time.  While the National Highway Traffic Safety Administration’s (NHTSA) AV Policy only provides voluntary guidelines for AV manufacturers and a model policy for state regulation of driverless technology, NHSTA affirmed that it intends to pursue an “ambitious approach to accelerate the highly automated vehicle revolution.”

Common Industry Terminology

NHTSA’s AV Policy adopted AV terminology from SAE, which categorizes vehicles by levels of human control.  Level 0 vehicles require constant human control, while Level 5 vehicles will need no help from humans. Level 3 vehicles utilize “conditional automation” in which “the human driver will respond appropriately to a request to intervene.”

Policyholder Impact

AV’s impact on the auto insurance industry – and by extension, commercial auto insurance – is not fully known. While most accidents are caused by human error, the rise of AV introduces a new source of error: misjudgments by the underlying AV system. Experts cannot yet draw any statistically significant conclusions about the safety of AV due to the relatively small sample size (experts estimate that it will take billions of vehicle miles to draw accurate conclusions). Uber is aggressively pursuing AV, but faced criticism when one of its AVs ran a traffic light in San Francisco. Uber blamed the incident on the human driver, who failed to intervene, rather than on the AV system itself. A NHTSA report following a fatal crash involving a Tesla with the Autopilot feature engaged, revealed that after Tesla introduced the Autopilot feature, the number of crashes dropped by 40%.

Assuming that Tesla’s Autopilot data reflects a true decrease in automobile accidents for AV, we might expect insurance premiums for all cars to drop. However, some experts contend that Level 3 AV (similar to Tesla’s Autopilot feature) may present more safety concerns than complete human control or Level 5 AV. Nidhi Kalra, co-director of the Rand Center for Decision Making Under Uncertainty, testified during a recent U.S. congressional hearing that “[t]here’s evidence to suggest that Level 3 may show an increase in traffic crashes . . . I don’t think there’s enough evidence to suggest that it should be prohibited at this time, but it does pose safety concerns.”  Experts question whether inattentive humans may fail to intervene quickly enough, causing the AV to take no action in a dangerous situation because it expects intervention, or the inattentive human may intervene and make the situation worse because of a lack of situational awareness. If this holds true, we might expect premiums to come down only for Level 5, and not for Level 3 or 4 AV.

In addition to the premium question, AV will likely also impact current coverage forms. In the United Kingdom, the Centre for Connected and Autonomous Vehicles recommended new regulations requiring auto insurance policies to include a separate coverage grant for AV. While the UK motor-vehicle insurance scheme is driver-specific rather than vehicle-specific, the authorized driver provision in U.S. policies poses similar questions for insureds. Commercial Auto Policy standard ISO form language for the “Who Is An Insured” provision defines “‘insureds’: [as] a. You for any covered ‘auto’. b. Anyone else while using with your permission a covered ‘auto’ you own, hire, or borrow except […] c. Anyone liable for the conduct of an ‘insured’ describe above but only to extent of that liability.” The standard ISO form defines “insured” as “any person or organization qualifying as an insured in the Who Is An Insured provision of the applicable coverage.” Insurers must determine whether AV falls within this definition of an “insured” and whether to revise or endorse the standard ISO form to capture AV exposure.  In addition, insurers must assess the impact of AV on the omnibus provision c., which defines as an “insured” “[a]nyone liable for the conduct of an “insured” described above but only to the extent of that liability.” This provision extends liability coverage to anyone vicariously liable for the actions of an insured; its impact on AV must be determined.

The Future of AV and Commercial Auto Coverage

For the foreseeable future, commercial auto policies will remain critical components of every commercial insured’s policy portfolio. Accidents will continue to occur, and insureds will need legal representation in any ensuing litigation, which implicates auto insurers’ duty to defend. Insureds will also need comprehensive and collision insurance to repair damaged vehicles.  Many insureds may drive a variety of vehicles, including Level 0 vehicles fully controlled by the driver, and will need traditional permissive-driver liability protection.

Numerous liability questions may arise in accidents involving Level 4 and 5 AV vehicles, including:

  • Who will be responsible for any liability? The passenger sitting in the driver’s seat but not driving? The product manufacturer? A third-party purportedly causing or contributing to the accident?
  • Will insurers use vehicle ratings for property damage coverage but use different metrics for liability coverage?
  • Will insureds see less frequency of claims on their business auto liability coverage, resulting in lower premiums and impacting insurance company premium volume?
  • And, of course, will standard and manuscript insurance policies change in response to this new world?

 

 

A Close Look at Policy Wording Is Essential to Ensure Coverage for Cyber RisksAs the demand for insurance coverage for cyber-related losses continues to grow, more insurance companies are offering cyber insurance policies and endorsements, but the market is far from mature and the available policies far from complete. Insurers have not adopted a unified approach to cyber policies, nor do they offer identical coverages. Due to the variance between available cyber insurance policies and endorsements, policyholders should carefully weigh their cyber risks against proposed cyber coverage to understand the scope of coverage actually available to address company exposures. Insureds should closely examine policy wording, rather than relying on policy labels or marketing materials.

One of the first published cases interpreting a cyber policy illustrates this point. When hackers accessed 60,000 credit card numbers in P.F. Chang’s customer database, the restaurant chain’s cyber policy covered the costs of the forensic investigation into the cause of the data breach to prevent a recurrence, as well as the costs of defense against customer lawsuits arising from the breach, to the tune of some $1.7 million (P.F. Chang’s China Bistro, Inc. v. Fed. Ins. Co.). Most cyber policies include coverage for first-party losses as well as liability to third parties. Unfortunately, P.F. Chang’s cyber policy did not cover the nearly $2 million in expenses imposed by credit card issuers such as MasterCard to pay for such items as notifications to cardholders and reissuance of credit cards compromised by the breach. Many cyber policies offer coverage for these types of fines and penalties, albeit for an additional premium.

Those expenses, including fines and penalties, were passed through to P.F. Chang’s via its Master Services Agreement with the restaurant’s third-party credit card processor, Bank of America Merchant Services (BAMS). The agreements between servicers such as BAMS and credit card associations require the servicers to abide by Payment Card Industry Data Security Standards (PCI-DSS) and pay for losses arising from a data breach. These rules and obligations were incorporated into the contract between P.F. Chang’s and BAMS, requiring P.F. Chang’s to reimburse BAMS for any PCI-DSS assessments.

P.F. Chang’s and other restaurants and retailers rely on these servicers to process credit-card transactions on a daily basis. Yet in no less than three places, P.F. Chang’s cyber policy excluded liability assumed under a contract such as the one with BAMS. The “reasonable expectations” doctrine in Arizona that favors policyholders could not save P.F. Chang’s from the court’s interpretation of the plain wording of the policy.

A contractual liability exclusion is a standard exclusion in most commercial general liability policies. However, the exclusion typically incorporates exceptions for “insured contracts.” CGL policies incorporate this exclusion because these policies are primarily intended to cover a third party’s tort claims against a policyholder, not a policyholder’s financial losses arising from a contract. CGL policies also typically exclude coverage for fines and penalties such as those imposed by credit card associations. The P.F. Chang’s decision highlights the need for contractual liability, fines and penalties coverage for policyholders who accept credit card payments.

On January 27, 2017, the Ninth Circuit granted a joint stipulation to dismiss P.F. Chang’s appeal of the district court’s decision after the parties reached a settlement. We do not know the details of this settlement, although this settlement preserved this insurer-friendly decision to the detriment of policyholders.

This watershed case is a cautionary tale. The wild world of cyber-related risks is difficult to pin down – ranging from the obvious but mundane, such as theft of a company laptop, to the worst case scenario of a system-wide hack that could cause a major disruption and loss of business and extensive liability. As P.F. Chang’s shows, it pays to assess your company’s risks and closely examine your policy to ensure you have the coverage you need.