Cyber Insurance: Court’s Recent Decisions May Change What Your Policy CoversCyber incidents can take many forms—phishing, insider theft, SQL injection, malware, denial of service, session hijacking, credential farming, or just old fashion “hacking.” Although many of these attack vectors employ technical knowledge, some utilize deception to manipulate individuals into performing certain actions or divulging confidential information.

Commonly referred to as “social engineering,” a perpetrator can exploit human behavior to pull off a scam. Oftentimes this comes as an email, which appears to be from a trusted colleague, vendor, or business partner, asking for a wire transfer to a particular account to settle a bill or provide payment for services.

To date, many of these social engineering schemes have been denied under cyber or computer fraud insurance policies, with many insurance carriers insisting that the policies only cover hacking-type intrusions.

In recent months, this stance has been denied—twice. Once by the Second Circuit in Medidata Solutions Inc. v. Federal Insurance Co. and once by the Sixth Circuit in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America.

In both cases, the court found in favor of the policyholder in a dispute over coverage for social engineering schemes. In Medidata, the insured brought suit claiming that its losses from an email spoofing attack were covered by a computer fraud provision in its insurance policy. The provision at issue covered losses stemming from any “entry of Data into” or “change to Data elements or program logic of” a computer system. The court reasoned that although no hacking occurred, the perpetrators crafted a computer-based spoofing code that enabled the fraudsters to send messages that appeared to come from one of Medidata’s employees. Similarly, in American Tooling, a fraudster send a series of emails, purportedly from a vendor, requesting that American Tooling wire transfer payments to new accounts. American Tooling wired over $800,000 before realizing that the emails were fraudulent. The court in American Tooling found that the loss was covered under the policy and that none of the asserted policy exclusions applied, finding that the emails were computer fraud that directly caused the loss.

Companies should understand the complexity and varied types of cyber incidents that they face, build in mechanisms to avoid engineering scams by validating proposed requests, and review their cyber and crime insurance policies to ensure that they take full advantage of available insurance coverage.  These cases also serve as a reminder to have a clear incident response policy in place and to quickly engage counsel who understands the complexities of the incident, as well as the insurance coverage, in order to minimize loss.

National Flood Insurance Program Shows Continued Promise--and Limitations--for Businesses Recovering from Hurricane LossFollowing record-setting levels of rainfall in the Carolinas from Hurricane Florence, businesses both in and outside of affected areas will likely be reviewing their flood coverage to assess how it will respond to adverse weather events. Although private flood insurance is on the rise, the National Flood Insurance Program (NFIP) remains by far the biggest source of flood coverage in the U.S.

NFIP was created in 1968 to address the problem of disaster relief costs and is administered by a department of the Federal Emergency Management Agency (FEMA). For participating communities, NFIP makes federally subsidized flood insurance available in special flood hazard areas. NFIP policies can be purchased directly from the government or from private carriers through the “Write Your Own” program.

Commercial policyholders under NFIP can obtain coverage for up to $500K for a building, and up to an additional $500K for certain types of personal property. These are single peril policies – they only cover direct physical damage caused by flood up to the property’s cash value. Notably, NFIP does not provide business interruption coverage for lost profits due to a shutdown of an insured’s operations. These limitations highlight the need for excess flood insurance coverage, as many businesses will need more than $500K in commercial property coverage; coverage for business interruption arising from flood; and coverage for the full replacement cost of lost property, rather than just cash value.

We have previously written about NFIP’s efforts to remain solvent in the face of multibillion-dollar flood insurance losses over the last 15 years. Last year, Congress passed a bill to forgive $16 billion owed by NFIP to the U.S. Treasury in order to ensure the program remains solvent. The program is currently authorized through November 30, 2018, as a result of seven temporary extensions by Congress over the last year. These steps by Congress reflect bipartisan support for a program that provides an important role in disaster recovery, but consensus has not yet developed around new long-term legislative reforms. This year, FEMA has introduced several changes to the program intended to manage its exposure, including loosening restrictions on private policies in the Write Your Own program, reducing compensation for private insurers who sell NFIP policies, and purchase of reinsurance for the program. We will continue to monitor the effect of these changes, as well as new initiatives and their impact on policyholders.

Coverage for Cannabis? How Cannabis’s Legal Limbo Affects Property Insurance PoliciesA recent federal court of appeals’ decision raises interesting questions for all policyholders, particularly commercial and residential landlords with tenants that grow, possess, and/or distribute cannabis, even where it is legal to do so under state law.

In K.V.G. Properties, Inc. v. Westfield Ins. Co., decided by the United States Court of Appeals for the Sixth Circuit on August 21, 2018, KVG claimed coverage for losses caused by its commercial tenant’s use of KVG’s property for cannabis cultivation. In connection with its cannabis business, the tenant removed walls, cut holes in the roof, altered ductwork and damaged HVAC systems, which ultimately cost around $500,000 to repair. KVG claimed that its loss was covered under its Building and Personal Property Coverage Form (the “BPP Policy”). However, Westfield denied the claim, arguing that the loss was not covered under the BPP Policy due to an exclusion that provided that Westfield would not pay “for loss or damage caused by [any] [d]ishonest or criminal act by [KVG], any of [its] partners, members, officers, managers, employees . . ., directors, trustees, authorized representatives or anyone to whom [KVG] entrust[s] the property for any purpose” (the “Dishonest or Criminal Acts Exclusion”).

Given the litigants’ positions, the court was forced to address the question of whether the cannabis-cultivating tenants committed a “criminal act” within the meaning of the policy. The court began by noting that, while growing cannabis is a crime under federal law, it is protected by Michigan law under certain conditions. The court also noted that “[u]nder different circumstances, KVG might have a strong federalism argument in favor of coverage.” The court went so far as to say it would “hesitate before reading a Michigan insurance policy to bar coverage for a ‘criminal act’ when Michigan law confers criminal and civil immunity for the conduct at issue.” The court ultimately punted on this difficult federalism issue, though, holding instead that the evidence was such that no reasonable jury could find that KVG’s tenant complied with Michigan law. In reaching this conclusion, the court cited KVG’s pleading in a summary eviction proceeding against the tenant where KVG stated that the tenant “illegally grew cannabis.” The court also noted that federal agents, who at the time were subject to U.S. Attorney General Guidance stating that they should not prioritize individuals whose actions are in compliance with existing state laws, raided the premises. This raid, the court reasoned, confirmed that the tenants were not acting in compliance with Michigan law.

This case has multiple interesting implications for insureds. First, policyholders that have extensive and expensive insurance packages (and, consequently, some ability to negotiate policy terms) could attempt to negotiate a more definitive exclusion to obtain more certainty as to whether losses caused by things such as cannabis use and cultivation are covered.

Secondly, policyholders and their counsel should note that the inconsistency between state and federal law as to cannabis’s legality lends itself nicely to an argument that the Dishonest or Criminal Acts Exclusion (and other similar exclusions) is ambiguous in this context. It is a maxim of coverage law that ambiguous provisions in insurance policies should be construed in favor of coverage, and this ambiguity could give policyholders an avenue to pursue traditionally excluded coverage. To this end, this tension between federal law and certain state laws could almost “read out” the Dishonest or Criminal Acts Exclusion for cannabis-related losses under the theory that the legality of cannabis cultivation is always ambiguous in states where medical and/or recreational cannabis cultivation and use are legal. Brokers acting for insureds might bargain for a more specific exclusion that makes it clear the Dishonest or Criminal Acts Exclusion does not apply to cannabis cultivation or use, or policyholder’s brokers might opt for keeping this more ambiguous exclusion rather than being forced to accept an exclusion specifying that coverage is not provided for losses caused by acts that are illegal under state or federal law, in order to leave open the possibility of arguing for coverage based on the exclusion’s ambiguity.

Lastly, insureds and their lawyers should be mindful of the arguments they make in related proceedings. While it was likely in KVG’s best interest to have its tenant—who was causing losses to the rented property—evicted, its argument that the tenant should be evicted for its illegal cannabis operation ultimately worked to prevent KVG from obtaining coverage for its losses. Policyholders should, to the extent possible, litigate any related issues with an eye toward preserving (or at least not foreclosing) coverage for their losses.

Federal Court Enters Powerful Duty to Defend Order in MaineIn addition to being a great place to find lobster, Maine may also be one of the country’s best jurisdictions for a policyholder seeking defense from its commercial general liability carrier.

In Zurich American Ins. Co. v. Electricity Maine LLC, the U.S. District Court for the District of Maine found against Zurich and in favor of Electricity Maine LLC, one of several defendants in an underlying class action lawsuit alleging pricing violations against the power company. Most notably, the court confirmed that Maine has a particularly low threshold for triggering an insurer’s duty to defend. The court found an “occurrence” despite Zurich’s argument that all the underlying allegations involved intentional conduct. And perhaps most shockingly, the court found the possibility of “bodily injury” based solely on the underlying complaint’s request for “actual damages in an amount to be proven at trial.” There is no mention in the complaint of emotional distress or mental anguish, but the court found an allegation of “bodily injury” anyway, relying on Maine’s broad duty to defend rules.

Based on this decision, a CGL policy can be triggered in Maine by virtually any general allegation of damage caused by negligence. Maine follows what it calls the “comparison test” and seems to allow for a duty to defend unless there is absolutely no chance of an eventual judgment that would fall within the scope of coverage provided by the policy.

Once again, we have an important reminder on two fronts. First, the duty to defend should be broadly construed, and some courts are willing to give the policyholder every benefit of the doubt, particularly in the face of ambiguous underlying allegations. Second, never forget choice of law. If you can go to Maine to resolve a duty to defend dispute (or to eat lobster), do it.

Wind, Flood or Storm Surge: Pick Your Peril CarefullyA catastrophic loss, such as a hurricane strike, can force any company out of business, even if it is insured. Although a business does not suffer any direct physical damage to its facilities, fickle natural disaster events can disrupt a company’s entire supply chain, with ripple effects for vendors, suppliers, customers and second-tier providers of services or goods.

With scorching August temperatures and the Atlantic hurricane season ramping up to full speed, the next months could, unfortunately, once again visit doom on vulnerable coastal areas, disrupting water or power services, causing evacuation and curfew orders, limiting travel, or halting operations either partially or fully. Securing insurance proceeds and FEMA assistance is crucial to business disaster recovery implementation.

1. What caused my loss?

A ubiquitous issue that arises with respect to natural disasters is how the peril is characterized – is it a hurricane, a “named storm,” a windstorm, a flood, or something else under your insurance policy? And what occasioned the particular damage at issue in the insurance claim – wind, wind-driven rain, storm surge, or flood?

How the mechanism of loss is characterized has critical implications for insurance recovery. Policies commonly provide different amounts of available limits (and sub-limits) for different types of losses (e.g., State Farm Florida Ins. Co. v. Moody, considering policy that limited coverage for damage caused by “hurricane” but that did not limit coverage for damage caused by “tornado”). And in some cases, policies may not provide coverage at all for losses that occurred as a result of certain causes (e.g., In re Katrina Canal Breaches Litig., considering whether damage to property was caused by flood or by the negligent design and construction of levees; flood being an excluded peril under the policy, while negligent construction was covered). For example, a commercial property insurance policy may provide coverage for damage caused by wind or a named storm but exclude coverage for damage caused by flood (e.g., Bradley v. Allstate Ins. Co.).  Complicating this analysis, policies often contain overlapping ill-defined concepts of “flood” vs. “named storm.” One may question whether a storm surge resulting from a named storm is treated as part of the named storm or as a flood.

The net effect is that the scope and amount of coverage can vary dramatically depending on how the cause of loss is characterized up front to the carrier at the proof of loss stage – a critical juncture that is rarely straightforward and that usually benefits from thoughtful legal analysis. To hold carriers to their promises of disaster recovery, policyholders need to have a thorough understanding of the coverage provided under their policies, the relevant case law, and the mechanism or mechanisms that caused their loss. Properly determining the peril at the time of claim submission can allow a policyholder to achieve the benefit of its bargain with its carrier.

2. What if there is no physical damage to my property?

Assuming no physical damage to your insured premises, how does a business function without electricity, telephone, email or water service? Utility service interruption coverage (if purchased) indemnifies, for example, against loss due to lack of incoming electricity affected by damage from a covered cause (fire or named storm) to property away from the insured’s premises — usually the utility generating station. This type of insurance is commonly referred to as “off-premises power coverage.” Service interruption coverage is not standard, or even common but a policy could be endorsed to cover any of the following:

  • Water services – pumping stations and water mains.
  • Communications services – property used to supply telephone, radio, microwave or television services. Includes communication transmission lines, coaxial cables and microwave relays.
  • Power services – electricity, gas and steam, utility generating plants, switching stations, substations, transformers, and transmission lines. Typically the policyholder must elect either to include or exclude overhead transmission lines.

The value of goods, including raw goods under refrigeration, is often challenged by the carrier when presented for coverage. The issue is further complicated in large scale operations by several commonly found exclusions that limit the inherent risks associated with perishables, including mechanical defect, failure to maintain systems and consequential losses.

3. What if my loss resulted from both covered and non-covered events?

Given that property policies may provide coverage only for certain causes of loss, or may provide different amounts of coverage depending on the cause of loss (e.g., named storm vs. flood), a debatable issue often involves the extent to which a loss is covered when it is caused concurrently or sequentially by both covered and non-covered perils.

Some courts apply an “efficient proximate cause” test, under which a dominant cause is determined and coverage hinges upon whether that cause is covered, or alternatively whether the covered cause set the chain of events in motion. Other courts apply one of two “concurrent cause” analyses: (1) Some courts have ruled that when two causes combine to produce an indivisible loss, there is coverage as long as one of the causes was a covered peril under the policy, and (2) other courts have ruled that the policyholder bears the burden of differentiating damage attributable to covered and non-covered causes, and if the policyholder cannot meet that burden there is no coverage.

This analysis turns on the policy language as well. Insurers have sought to eliminate coverage in instances involving concurrent causes by incorporating “anti-concurrent causation” language in their policies that purports to bar coverage when an uncovered cause is involved in any way, whether directly or indirectly. For example, the policy may state: “We will not pay for loss or damage caused directly or indirectly by any of the following. Such loss or damage is excluded regardless of any other cause or event that contributes concurrently or in any sequence to the loss.” Some courts have enforced these anti-concurrent cause provisions while others have held that they are unenforceable, predominantly on public policy grounds. Where and how this language appears in the policy is also important and factors into how a court will view it. If the language is buried deep in a definition or an exclusion, for example, the situation might be distinguishable from existing case law.

For this reason it is important to review your endorsements at the time coverage is bound as well as analyze the policy exclusions that may be applicable to any loss to determine whether they are subject to anti-concurrent causation language.

4. How is storm surge different than wind?

After a catastrophic weather event in coastal areas, insurers and insureds frequently litigate whether property damage was caused by wind, on the one hand, or storm surge, on the other. Such litigation arises because property policies often cover damage caused by wind, while excluding coverage for damage caused by flood.

Courts considering such claims tend to characterize the peril of wind and the peril of storm surge separately. Courts have noted that storm surge is “little more than a synonym for a ‘tidal wave’ or wind-driven flood” and have held that damage from storm surge falls squarely within the bounds of flood exclusions, even where the flood exclusions do not expressly include the term “storm surge.” See, e.g., Leonard v. Nationwide Mut. Ins. Co.; Tuepker v. State Farm Fire & Cas. Co.; or Bilbe v. Belsom (“We have repeatedly held that the term ‘flood’ includes storm surges.”). By contrast, property policies generally cover damage caused solely by wind (i.e., wind that doesn’t interact with water). See e.g., Leonard; Tuepker v. State Farm Fire & Cas. Co.; or State Farm Florida Ins. Co. v. Moody (determining that insureds were not entitled to recover because hurricane spawned the tornado that caused the damage and hurricane sublimit applied).

Recovery may rise or fall based on whether the property damage at issue resulted from wind alone (for example, a structure was blown over by wind) or whether the damage resulted from storm surge (i.e., flooding caused by wind). Insureds who buy a master property policy are wise to keep the distinction between wind and storm surge—and the impact of such distinction—top of mind when considering coverage issues post-hurricane. Legal analysis of the wording of any coverage grants or exclusions and choosing a peril wisely must become part of the recovery planning implementation strategy businesses rely on to maximize the insurance claim.

Upcoming Event – Insurance for Cyber Risk – and the Disputes About Its Scope: The Good, the Bad, and the UglyBradley attorney Emily Ruzic will present “Insurance for Cyber Risk – and the Disputes About Its Scope: The Good, the Bad, and the Ugly” as part of DRI’s Cybersecurity and Data Privacy conference.

The event will discuss an overview of cyber threats that now include hacking, ransomware attacks, social engineering, and other schemes. The panel is presented by guest speakers Michael Carr of Brit Global Specialty USA and Anna M. Stafford of Travelers, and moderated by Bradley attorney Emily M. Ruzic.

When:  Thursday, September 6, 2018, 1:30PM – 2:15PM CDT

Where:  Lowes Chicago Hotel

What:  As insurance for cyber risks becomes increasingly common, so too do disagreements about the scope and application of the coverages available. This panel will examine underwriting and claims challenges, insurance coverage disputes, and regulatory pressures on financial and other institutions regarding cyber insurance.

For more information about the event, please review the conference agenda and register on the conference website.

We look forward to seeing you there!

Ponzi Coverage: A Unique Twist from ConnecticutKostin v. Pacific Indemnity is a recent federal decision from Connecticut denying insurance coverage that should be of particular interest to those impacted by a Ponzi scheme. In a coverage dispute arising out of the Madoff scandal, the court rejected the policyholder’s argument that Madoff’s misuse of funds constituted “wrongful entry” into her bank account and denied coverage for her clawback liability to the bankruptcy trustee.

The case is particularly interesting because it involves homeowners’ insurance, not the commercial crime or liability (D&O and E&O) policies often considered in coverage cases relating to Ponzi schemes. The insured, Susan Kostin, sought recovery under her family’s “Masterpiece” homeowner’s primary and excess liability policies. Kostin and her family lost millions from an account established to manage family assets, including principal and expected profits. The coverage dispute related specifically to a $3.75 million withdrawal clawed back by the bankruptcy trustee, plus $799,000 in attorneys’ fees and litigation costs spent on fighting to keep that money.

The court invoked several standard rules of policy construction, ultimately leading to its decision against coverage. The central question was whether the claims against Kostin included claims for “personal injury,” defined by the policies to include a legal obligation resulting from “wrongful entry or eviction.” This is a standard definition of “personal injury” seen in many different types of liability coverage. Here, Kostin saw a window of opportunity and made a creative argument: Madoff’s Ponzi entries into the account ledger were wrongful, so there should be “wrongful entry” coverage for Kostin’s liability to the trustee.

In the end, the court based its coverage denial on its distinction between two types of “wrongful entry”: unauthorized intrusions versus fraudulent accounting ledger entries. While “unauthorized intrusions” into accounts might be covered, the court held “fraudulent accounting” entries would not be covered. In creating that distinction, the court focused on the fact that “wrongful entry” is coupled with the term “eviction” in the policy’s definition of “personal injury.” Kostin never alleged that Madoff was operating the account without authorization, so the court found no “wrongful entry.”

The decision was appealed to the Second Circuit. That result on appeal could be important and significant to other Ponzi victims seeking coverage under the personal liability provisions offered by some homeowners’ insurance policies.

Two takeaways here: First, do not assume that coverage is unavailable for clawback liability for Ponzi schemes, even if homeowners’ coverage is the only available policy. Second, keep in mind that the underlying allegations almost always drive the threshold liability coverage decision, particularly as to the duty to defend. For Kostin, the result might have been different if the alleged basis for her liability had instead been Madoff’s use of personal financial information to gain unauthorized access to her bank account. That type of allegation might qualify as “wrongful entry” under the trial court’s analysis.

FFIEC Highlights Importance of Cyber InsuranceThe Federal Financial Institutions Examination Council (FFIEC) issued a joint statement in April emphasizing the need for companies in the financial sector to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most businesses have already recognized: Cyber coverage is quickly becoming indispensable.

Among the points highlighted by the FFIEC:

  • Institutions face a variety of risks from cyber incidents, including risks resulting from fraud, data loss, and disruption of service.
  • Traditional insurance coverage may not cover cyber risk exposures.
  • Cyber insurance can be an effective tool for mitigating risk.
  • Insurance does not remove the need for an effective system of controls as the primary defense to cyber threats.
  • The cyber insurance marketplace is growing and evolving, requiring due diligence to determine what insurance products will meet an organization’s needs.

Although not specifically mentioned in the FFIEC statement, businesses should be aware that cyber coverage can be an important source of mitigating regulatory risk associated with data breaches – if the organization purchases a policy that provides regulatory coverage. Today, there are a number of insurers offering products that reimburse costs for investigating and responding to a regulatory investigation or enforcement proceeding, as well as provide coverage for administrative penalties. Given amplified scrutiny from regulators in the area of data security, the importance of such coverage continues to increase. With a rapidly changing market, institutions should carefully review policies to be sure that the scope and limitations of coverage match their exposure.

 

Republished with permission. This blog post was modified for the It Pays to Be Covered blog. The blog post originally appeared on Bradley’s Financial Services Perspectives blog on April 17, 2018.

webinarUpcoming Event - Policyholder Insurance Webinar Series: Is That Drone Insured?Bradley’s Policyholder Insurance group is pleased to present “Enterprise Risk Management: What In-House Counsel Need to Know” as part of our ongoing Litigation Lunch & Learn series.

This onsite event will discuss an overview of enterprise risk management presented by guest speaker Matthew Lusco of Regions Financial and Bradley attorneys Katherine J. Henry and Emily M. Ruzic.

When:  Wednesday, May 16, 2018
11:30AM – 12:00PM CDT (Lunch and Registrations)
12:00PM – 1:00PM CDT (Presentation)

Where:  Bradley Arant Boult Cummings LLP, 1819 5th Avenue North, Suite 200, Birmingham, AL 35203

What:  Enterprise risk management provides a framework for managing risks across all sectors of an organization. This entity-wide approach to risk management depends on cooperation between an organization’s risk management and legal departments. Join us as we discuss enterprise risk management with Matthew Lusco, Senior Executive Vice President and Chief Risk Officer of Regions Financial. This one-hour program will offer insight into effective enterprise-risk-management strategies with a focus on in-house counsel’s contribution to an organization’s enterprise risk management program.

To register for the event, please RSVP by May 9th, 2018.

We look forward to seeing you there!

With the potential addition of autonomous cars and trucks to commercial fleets, commercial insureds should reassess coverage under their commercial auto, products liability, and cyber insurance policies. Automation, particularly the move toward fully autonomous vehicles, raises new coverage questions with new risk exposures for insureds and new opportunities for insurers.

This post is the first in a series examining potential coverage issues under different lines of coverage. We begin here with commercial auto insurance policies. Future posts will examine products liability and cyber insurance policies.

ISO Commercial Auto Form

Many commercial insureds’ auto policies incorporate the Business Auto Coverage Form (CA 00 01 10 13) (“Commercial Auto Form”) promulgated by the Insurance Services Office, Inc. (ISO).  The Commercial Auto Form provides coverage for “bodily injury” and “property damage” caused by an “accident” and “resulting from the ownership, maintenance or use of a covered ‘auto.’”  Although numerous cases have interpreted the scope of this coverage in cases involving vehicles other than cars and trucks, such as in accidents involving mopeds, 4x4s, riding lawnmowers, and other vehicles, courts have not yet determined whether this coverage extends to accidents involving autonomous vehicles.

Autonomous Vehicle Classifications

In a sense, today’s cars and trucks all offer some autonomous features. Some features, such as cruise control or self-parking, can operate independently once engaged by a driver. Only highly automated and fully automated vehicles can operate without driver control, however.

In its current operating guidance for autonomous vehicles — Automated Driving Systems 2.0:  A VISION FOR SAFETY, released in September 2017 (Voluntary Guidance) — the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) categorized autonomous vehicles using the International Society of Automotive Engineers’ (SAE) classification of autonomous vehicles levels between Level 0 and Level 5:

SAE Automation Levels
Source: NHTSA, Automated Driving Systems 2.0: A Vision for Safety.

NHTSA’s Voluntary Guidance describe vehicles that incorporate SAE automation Levels 3 through 5 as “Automated Driving Systems” (ADSs). Level 3 Conditional Automation ADSs require drivers to monitor and take control when necessary. Level 4 High Automation vehicles can be driven by a human, but are self-driving and do not require a driver. Level 5 Full Automation vehicles can perform all driving functions under all conditions. Level 5 vehicles include those vehicles with driver controls, as well as vehicles without driver controls, for example vehicles that lack a steering wheel or pedals. Level 5 vehicles without driver controls could incorporate seating spaces designed for conversation or work spaces with tables – but not controls that permit human occupants to assume any driving function. Let’s call these Level 5 vehicles “Personal Mobility Units” or “Level 52” (Level 5 Squared) vehicles.

Are Personal Mobility Units Considered “Autos” under the Business Auto Coverage Form?

ISO’s Commercial Auto Coverage Form identifies “autos” by numerical symbols 1-9, and 19.  Each insurance policy’s declarations page will identify the insured “autos” using those symbols.

Symbol 1 includes “Any ‘auto’” while symbols 2-9 narrow the definition of “auto” to exclude certain categories. ISO also offers the Covered Auto Designation Symbol endorsement (CA 99 54 10 13), which allows insurers to designate Symbol 10 “autos” to meet their insureds’ specific needs.

Is a Level 52 vehicle a Symbol 1 auto (“Any ‘auto’”)?  That depends on the definition of “auto.”  The Commercial Auto Form defines an auto as “a land motor vehicle” or “any other land vehicle” governed by state insurance law:

“Auto” means:

  1. A land motor vehicle, “trailer” or semitrailer designed for travel on public roads; or
  2. Any other land vehicle that is subject to a compulsory or financial responsibility law or other motor vehicle insurance law where it is licensed or principally garaged.

But “auto” does not include “mobile equipment.” CA 00 01 10 13, Section V –Definitions B (page 10 of 12).

Turning to part 1 of the “auto” definition, is a Personal Mobility Unit a “land motor vehicle?”

Of course, no court has considered this question. Those courts that have construed this definition in other contexts have considered whether the vehicle included customarily required features, whether the vehicle “resembled” a vehicle designed for use on public roads, and whether the vehicle was required to be registered by state law.

So, a construction vehicle known as a “Georgia Buggy” was not an “auto” because it: (1) did not resemble an auto; (2) was operated from a platform using “hand controls affixed to bicycle­-like handlebars;” (3) lacked key components, such as a steering wheel, a windshield, a separated driving compartment, lights, turn signals, and mirrors; and (4) was not required to be registered by the state. Harlan v. United Fire and Casualty Company, 208 F. Supp. 3d 1168, 1172‑73 (D. Kan. 2016), appeal dismissed, No. 16-3310, 2017 WL 4863142 (10th Cir. Jan. 13, 2017).

A photograph submitted during the litigation surely shows that the buggy was not an auto:

Georgia Buggy Exhibit
Georgia Buggy Exhibit

Of course, a Level 52 vehicle might not “resemble an auto,” would not have any type of hand controls, and would lack some (but not all) key components, such as a steering wheel.

A crop sprayer that collided with a motorcycle was considered an “auto” under the same policy language because it was subject to compulsory insurance and financial responsibility laws, had four wheels, was self-propelled, had headlights, taillights, turn signal, and “other components similar to road‑ready vehicles.” Berkley Regional Specialty Ins. Co. v. Dowling Spray Service, 864 N.W.2d 505, 508 (S.D. 2015). Under this reasoning, a Personal Mobility Unit is an “auto.”

Turning to part 2 of the “auto” definition, is a Personal Mobility Unit “subject to a compulsory or financial responsibility law or other motor vehicle insurance law? Is it licensed? Is it “principally garaged” in any state?

All ADSs are self-propelled and, like other self-propelled vehicles, will be subject to compulsory insurance or financial laws in most states (with certain exceptions). For example, in Delaware, motor vehicles include all “self-propelled” vehicles except farm tractors, elective personal assistive mobility devices (electric two-wheeled vehicles for one person, limited to 15 miles per hour or less), and off‑highway vehicles. Del. Code Ann. tit. 21, § 101. In Michigan, industrial equipment, electric personal assistive mobility devices, electric patrol vehicles, electric carriages, and commercial quadricycles are not “motor vehicles.” Mich. Comp. Laws § 257.33. In California, self‑propelled wheelchairs, motorized tricycles, and motorized quadricycles are not motor vehicles if operated by a person who, by reason of physical disability, is otherwise unable to move about as a pedestrian. Cal. Veh. Code § 415. Under these and other regulatory regimes, all ADSs should be subject to existing compulsory insurance or financial laws in most states (pending any change in regulatory regimes to accommodate ADSs).

No state excludes autonomous vehicles from registration. An auto is generally licensed in the state where it is registered. At the time of registration, the state will issue the appropriate number of license plates, which the owner or registrant is then required to display. See, e.g., Cal. Veh. Code § 6700. A tractor-trailer that displayed Nebraska insurance plates was indisputably licensed in Nebraska, despite being registered in multiple locations under the International Registration Plan.  See Berg. v. Liberty Mut. Ins. Co., 319 F.Supp.2d 933, 938 (N.D. Iowa 2004). Thus, the proper question is not whether an ADS is licensed, but rather whether it is required to be registered, and if so, it will likely be licensed as well.

What about the location of a Personal Mobility Unit? A vehicle is generally “principally garaged” in the physical location where it is kept most of the time. A vehicle that is kept in a single location for four months was “principally garaged” in that location even though the owner did not intend to reside there permanently. Chalef v. Ryerson, 277 N.J. Super. 22, 28, 648 A.2d 1139, 1142 (App. Div. 1994). A vehicle was not “principally garaged” in Michigan because it was not kept in Michigan “most of the time.” Frasca v. United States, 702 F. Supp. 715, 718 (C.D. Ill. 1989). But a rental truck leased for a three-day period was “principally garaged” in Virginia, not Maryland where it was licensed and registered, because the leasee kept the truck at its Virginia facility during the lease period. Hall v. Travelers Cas. Ins. Co. of Am., No. 1:16-CV-00173 (GBL), 2016 WL 5420571, at *5 (E.D. Va. Sept. 27, 2016). If the manufacturer owns the autonomous vehicle and leases it to different individuals in different states, where will that vehicle be principally garaged, and will it be subject to a compulsory or financial responsibility law or other motor vehicle insurance law in that state?

Finally, “auto” excludes “mobile equipment.” “Mobile equipment” encompasses an array of land vehicles, from bulldozers to power cranes to air compressors to any vehicle “maintained primarily for purposes other than the transportation of persons or cargo.” By definition, any autonomous vehicle, including a Personal Mobility Unit, is used to transport people and cargo and therefore will not constitute “mobile equipment.” In addition, the Commercial Auto Coverage Form excludes from the definition of “mobile equipment” those “land vehicles that are subject to a compulsory or financial responsibility law or other motor vehicle insurance law where it is licensed or principally garaged.” Those land vehicles are “autos.” As discussed above, autonomous vehicles, including Level 52 vehicles, will likely satisfy this exception to the definition of “mobile equipment” and will be considered “autos.”

Does Teleoperation Affect Coverage?

As of April 2018, California mandates a remote operator for autonomous vehicles testing on public roads without drivers. Cal. Code Reg. § 227.38. Remote operators must: (1) have the appropriate driver’s license for the type of autonomous vehicle; (2) not be seated in the driver’s seat of the vehicle; (3) engage and monitor the autonomous vehicle; and (4) be able to communicate with occupants in the vehicle by a communication link. The remote operator may also have the ability to “perform the dynamic driving task for the vehicle or cause the vehicle to achieve a minimal risk condition.”  Cal. Code. Reg. § 227.02(n).

At least one company will offer that remote control to assist with the testing and development of autonomous vehicles. Phantom Auto states that it provides a remote driver seated in a control room who can operate the vehicle remotely (described as “teleoperation”). Phantom Auto describes its services as “a teleoperation-as-a-service safety solution for all autonomous vehicles that includes an API [application program interface] for real time assistance and guidance, an in-vehicle low latency communication device, and a remote operator service.”  Phantom Auto enables a remote human operator to operate an autonomous vehicle when it encounters a scenario that it cannot handle on its own, allowing for optimally safe testing and deployment of autonomous vehicles.

The ISO Commercial Auto Form covers accidents “resulting from the ownership, maintenance or use of a covered ‘auto.’” Will insurers contend that an error in teleoperation does not “result from” the “ownership, maintenance or use of a covered ‘auto’” but instead “results from” remote operator negligence? Will they argue that other insurance policies should respond instead of a commercial auto policy?

We don’t yet know the answers to these questions, but insureds testing autonomous vehicles can determine the proper allocation of liability for remote operator error and tailor their policy language to address any liability. If teleoperation survives beyond the testing phase, all insureds using this service will need to assess the parties’ risk allocation and coverage options.

What about Exclusions?

As with the commercial liability policy, ISO’s Commercial Auto Form excludes coverage for “Expected or Intended Injury,” which it defines as “‘Bodily injury’ or ‘property damage’ expected or intended from the standpoint of the ‘insured.’” If the insured cannot operate the vehicle, can any circumstance arise that could arguably trigger this exclusion? At least from an operational standpoint, an insured could not expect or intend injury if the insured cannot operate the Personal Mobility Unit. Will insurers seize on allegedly defective maintenance rather than negligent operation to trigger this exclusion? Will they remove the exclusion as no longer applicable in an autonomous vehicle world? Only time will tell, but insureds and insurers alike should consider the impact of this exclusion.

What about Premium?

In February 2015, NHTSA reported that 94% of auto accidents are caused by human error.    Pundits predict that the frequency and severity of accidents will dramatically decline as autonomous vehicles become more prevalent (despite a messy intervening period when human drivers and partial and fully autonomous vehicles share the road). As frequency and severity falls, so does risk, thus potentially impacting premium. The complexity of autonomous vehicles may impact premium in the other direction, as early model autonomous vehicles will likely be extremely expensive to repair and replace. Insurers are no doubt (or should be) assessing autonomous vehicle’s potential impact on auto premium.

Where Next? Products Liability Insurance? Cyber Insurance?

Even as auto accident frequency and severity declines with increased automation, and premium eventually drops as repair costs normalize, commercial auto insurers may need to turn to other lines of coverage, such as products liability and cyber coverage, for revenue streams, and insureds may need to turn to these same policies for coverage for autonomous vehicles. We will discuss those policies in subsequent posts with a focus on Level 52 vehicles.