Debate over NFIP Reforms Likely to Extend into 2019A new short-term extension through December 21 leaves the National Flood Insurance Program (NFIP) in limbo as Congress grapples with a lengthy to-do list in advance of the holidays.  NFIP, the biggest source of flood coverage in the U.S., has been reauthorized through a set of short-term extensions in the last year as lawmakers debate the prospect of reforms to the program. NFIP has struggled to remain solvent in the wake of costly hurricanes, but lawmakers have not yet reached a consensus on how to make the program more sustainable.

In the face of the most recent extension, FEMA published a statement calling the short-term reauthorization “an opportunity for Congress to take bold steps to reduce the complexity of the program and strengthen the NFIP’s financial framework so that the program can continue helping individuals and communities take the critical step of securing flood insurance.” We have previously written about FEMA’s own changes to the program, including steps to loosen restrictions on private insurers selling NFIP policies, as well as purchasing reinsurance for the program. Congress will have to determine the viability of other changes, such as proposals to make rates correspond more accurately to risk and funding for mitigation of flood-prone areas.

The short-term extension through December 21 puts NFIP reauthorization on the same timetable as other significant legislative deadlines, including the expiration of a continuing resolution to fund the government. Should Congress pass another extension for NFIP without making changes to the program, the 116th Congress will take up the debate with several changes to the key players in the negotiations. Most notably, current House of Representatives Financial Services Committee chair Jeb Hensarling will be succeeded by incoming chair Maxine Waters.  Waters co-authored a reform act in 2012 that would have significantly curbed government subsidies to premiums, but in recent years has advocated a more cautious approach to rate increases.

Policyholder Diligence Ensures You’re InsuredPolicyholders take notice – a recent New York case highlights the importance of thoroughly analyzing and understanding all policy language to minimize project risk and ensure proper coverage. As an illustration, the Court of Appeals of New York recently held that a named additional insured was not covered under an insurance policy because the plain meaning of the language in the policy endorsement required a written contract between the policyholder and the additional insured.

In Gilbane Bldg. Co./TDX Construction Corp. v. St. Paul Fire & Mar. Ins. Co., the Dormitory Authority of the State of New York (DASNY) contracted with Samson Construction Company as general contractor for the construction of a new building. DASNY also contracted with a joint venture, formed by Gilbane Building Company and TDX Construction Corporation (the “JV”), to serve as construction manager on the project. The contract between DASNY and Samson required Samson to procure general liability insurance for the project and name the JV as an additional insured. Samson obtained this coverage from Liberty Insurance Underwriters.

Thereafter, DASNY sued Samson and the project architect. In turn, the architect filed a third-party complaint against the JV, which then provided notice to Liberty seeking defense and indemnification. Liberty denied coverage, and the JV initiated suit against Liberty, arguing that it qualified for coverage as a named additional insured. The New York Supreme Court denied Liberty’s motion for summary judgment and held that the JV was an additional insured under the applicable insurance policy. The Appellate Division reversed and the Court of Appeals affirmed.

The court reviewed the language of the additional insured provision which read, in relevant part, “an insured [is] any person or organization with whom you have agreed to add as an additional insured by written contract…” Here, the JV and Samson did not have a written contract with one another. Nonetheless, the JV argued that the written contract requirement conflicted with the plain meaning of the language in Liberty’s endorsement, “well-settled rules of policy interpretation,” and the parties’ reasonable expectations. The court disagreed, and found that the language was facially clear. It concluded that Liberty’s endorsement would only provide coverage to the JV if Samson and the JV entered into a written contract because “unambiguous provisions of an insurance contract must be given their plain and ordinary meaning.”

The court then explained how the outcome would differ if the provision did not include the word “with.” In that case, the endorsement would have provided coverage to “any person or organization whom [Samson had] agreed by [any] written contract to add…” Since Samson already contracted with DASNY to add the JV as an additional insured, coverage would have been effective as to the JV.

Regardless of the type of insurance policy at issue, it is critically important to thoroughly analyze the policy documents to ensure an accurate understanding of the language used. Individual policyholders often take policy language at face value, if they read the terms of the policy at all, and never question what coverage they have actually purchased. Similarly, when the policy at issue is part of a larger set of contract documents, companies often become complacent during the contract review process—especially when certain documents appear boilerplate or seem like only a minor formality to finalize a contract. Oftentimes, the perceived need for reviewing policy language is further dampened by the fact that the insurance policy comes into existence after the project contract is signed, such as the policy in this case.

As a result of complete oversight, the hurried nature of review, or the overwhelming volume of contract documents requiring review, policyholders can easily adopt a reading of policy language that might reflect reasonable expectations but does not necessarily adhere to the plain meaning of the language. Diligence must extend to the review of insurance policies because ignoring the actual language of the policy can result in significant risk exposure.  If you have any questions or concerns about your current insurance coverage or upcoming project needs, please contact Alex Thrasher and the team at Bradley to learn more about ways to ensure that you’re covered.

Cyber Insurance: Court’s Recent Decisions May Change What Your Policy CoversCyber incidents can take many forms—phishing, insider theft, SQL injection, malware, denial of service, session hijacking, credential farming, or just old fashion “hacking.” Although many of these attack vectors employ technical knowledge, some utilize deception to manipulate individuals into performing certain actions or divulging confidential information.

Commonly referred to as “social engineering,” a perpetrator can exploit human behavior to pull off a scam. Oftentimes this comes as an email, which appears to be from a trusted colleague, vendor, or business partner, asking for a wire transfer to a particular account to settle a bill or provide payment for services.

To date, many of these social engineering schemes have been denied under cyber or computer fraud insurance policies, with many insurance carriers insisting that the policies only cover hacking-type intrusions.

In recent months, this stance has been denied—twice. Once by the Second Circuit in Medidata Solutions Inc. v. Federal Insurance Co. and once by the Sixth Circuit in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America.

In both cases, the court found in favor of the policyholder in a dispute over coverage for social engineering schemes. In Medidata, the insured brought suit claiming that its losses from an email spoofing attack were covered by a computer fraud provision in its insurance policy. The provision at issue covered losses stemming from any “entry of Data into” or “change to Data elements or program logic of” a computer system. The court reasoned that although no hacking occurred, the perpetrators crafted a computer-based spoofing code that enabled the fraudsters to send messages that appeared to come from one of Medidata’s employees. Similarly, in American Tooling, a fraudster send a series of emails, purportedly from a vendor, requesting that American Tooling wire transfer payments to new accounts. American Tooling wired over $800,000 before realizing that the emails were fraudulent. The court in American Tooling found that the loss was covered under the policy and that none of the asserted policy exclusions applied, finding that the emails were computer fraud that directly caused the loss.

Companies should understand the complexity and varied types of cyber incidents that they face, build in mechanisms to avoid engineering scams by validating proposed requests, and review their cyber and crime insurance policies to ensure that they take full advantage of available insurance coverage.  These cases also serve as a reminder to have a clear incident response policy in place and to quickly engage counsel who understands the complexities of the incident, as well as the insurance coverage, in order to minimize loss.