New Stand-Alone E-Commerce Insurance Policies for First-Party Risks
February 2001
This article discusses some of the issues
to consider when reviewing e-commerce policies offering coverage for the following
"first-party" risks: natural peril property damage, employee dishonesty, third-party
crime/malicious conduct, extortion, computer programming error, and business
interruption/extra expense.
by Michael
A. Rossi
Insurance Law
Group, Inc.
This is part of an ongoing series on e-commerce issues. Other articles include:
Also, refer to the Stand Alone E-Commerce
Market Survey for a chart listing the different stand-alone e-commerce insurance
policies currently known to the author. This chart will be updated on a regular
basis.
In the previous installment to this column, we examined the state of the
market in the United States for stand-alone e-commerce insurance policies offering
third-party "liability insurance" coverage. This article gives a broad overview
of the issues that a corporate insured should consider if it is going to use
one or more of the new stand-alone e-commerce insurance policies to insure "first-party"
e-commerce risks.
Using the terms "liability" e-commerce insurance and "first-party" e-commerce
insurance is a bit of a misnomer. Employee dishonesty and third-party malicious
conduct exposures have liability risks associated with them. And coverage for
the insured's liability arising from employee dishonesty and third-party malicious
conduct can be provided by crime policies. The same is true with respect to
the risk of liability to others for lost or damaged property in the insured's
care, custody, or control. To varying degrees, such liability can be covered
under commercial property policies.
In any event, this article discusses some of the issues to consider when
reviewing e-commerce policies offering coverage for one or more of the following
"first-party" risks: natural peril property damage, employee dishonesty, third-party
crime/malicious conduct, extortion, computer programming error, and business
interruption/extra expense.
It is written in the context of the author's experience working with multinational
corporate insureds based in the United States and the United Kingdom that are
trying to address their e-commerce insurance needs. But the message being delivered
here is intended for insurance professionals located throughout the world, because
in recent projects, it appears that e-commerce insurance wordings are developing
differently in different parts of the world. Perhaps more than for any other
subject in the past (except maybe for Y2K issues), e-commerce insurance issues
must be examined at the international comparative level. Henceforth, this column
will endeavor to do just that.
State of the Market for Stand-Alone First-Party E-Commerce Insurance Policies
Several insurers are offering stand-alone e-commerce insurance policies in
the United States and the United Kingdom for first-party e-commerce risks. The
forms known to the author are listed in the
Stand Alone E-Commerce Market Survey in this column on
IRMI.com.
There are several different ways to buy stand-alone e-commerce insurance.
That is because the market is divided into endless variations.
Some of the new forms provide coverage only for professional services liability
and media errors and omissions liability. Some new forms provide coverage only
for employee dishonesty and third-party malicious conduct, such as crime and
extortion (both for loss of property, money, securities, etc., as well as for
business interruption and extra expense). But within that market there are several
different variations, the difference being what amount, if any, of liability
coverage is offered for indemnity and defense, because of theft of or dissemination
of data, information, etc., of others, for which the insured is liable.
Some of the new forms provide coverage for not only employee dishonesty and
third-party malicious conduct, but also for loss caused by natural perils, as
well as by a computer programming negligent act, error, or omission by the insured's
employee or independent contractor. However, many of the forms exclude both
of these perils.
Finally, some of the new forms combine one or more of the foregoing coverages
into a program that provides both liability and first-party coverage.
Capacity
As far as capacity goes, some insurers are offering only minimal capacity
(e.g., $2 or $3 million in limits). One can discern right away that these insurers
are looking to insure only smaller companies. Some insurers are offering greater
capacity, but the limits seen to date really are not meaningful for many large
companies (many companies are looking to maintain the same limits that are maintained
in the other policies in their programs—e.g., hundreds of millions, if not billions,
of dollars for the very large companies—but capacity appears to be in the low
tens of millions of dollars).
One insurer to watch, however, is FM Global. That insurer had intended to
"launch" e-commerce wordings for its property and crime coverages in December
2000. It is rumored that such offerings will not be new "stand-alone" products,
but rather will be endorsements to FM Global's current policy forms. However,
the "launch" date got pushed back first to January 2001, then to February 2001,
and as of the time of this article's publication, the launch date is set for
April 1, 2001 (and who really can say when, if ever, FM Global will launch its
promised wordings?).
If FM Global does come out with good wording and meaningful capacity, it
really could open things up quite a bit for large multinationals looking to
amend their traditional policies in their programs, rather than buy stand-alone
e-commerce policies. Traditional insurers should have to start making amendments
in order to compete. Also, the stand-alone insurers presumably would have to
increase capacity to compete. This will particularly be an interesting course
of events to follow as the U.S. and U.K. property markets have hardened substantially
for many policyholders in the last 6 months. Readers can monitor the
Stand
Alone E-Commerce Market Survey on IRMI.com
to find out if FM Global ever does come out with the promised offerings.
Reviewing Quotes of Stand-Alone E-Commerce Insurance for First-Party Risks
There are myriad issues to consider when reviewing a quote for stand-alone
e-commerce insurance. Space limitations prohibit a complete discussion. The
list of issues discussed below is illustrative, rather than exhaustive.
Do the Employee Dishonesty/Crime Coverages Extend
to the Insured's Liability to Others? It is important to review the employee
dishonesty and third-party malicious conduct sections of the policy. It is important
to get coverage not only for your company's direct loss, but also for your company's
legal liability to others arising from employee dishonesty and third-party malicious
conduct. Also, ensure that defense costs are included in such coverage. Finally,
please note that some of the e-commerce forms distinguish between the type of
liability cover they offer. Some limit the cover to liability to others for
the value of the property that was lost/stolen.
Others, however, extend the cover to liability to others if the lost/stolen
property was used by the perpetrator of the crime in a way that causes
damages to the other persons.
The "classic" e-commerce example given by most commentators is theft of credit
card numbers or other information about an insured's customers and use of those
numbers and other information to the financial injury of such customers. Another
example given is theft of information about children who have come to a Web
site, or whose parents have entered data about the children on a Web site, and
a perpetrator getting a hold of the information and somehow harming a child
(whether emotionally or physically).
Does the Policy Cover Computer Programming Errors?
This is a very "hot" issue in the United States as well as the United Kingdom.
Many e-commerce forms expressly exclude coverage for errors in computer programming.
Some of the forms expressly cover the risk, but only for property loss (excluding
business interruption and extra expense loss). Some of the forms cover the risk
only for third-party contractor errors, but not for employee errors. And only
one or two of the forms provide both property and business interruption/extra
expense coverage for this risk, regardless of whether an employee or third-party
contractor caused the loss.
Does the Policy Cover "Natural Perils"? Interestingly,
most policies offered in the United States expressly exclude natural peril losses
and limit coverage to losses caused by employee dishonesty or third-party malicious
conduct. However, it seems that many policies offered in the United Kingdom
expressly provide coverage for natural peril losses. Indeed, one global insurer
sells an e-commerce form in the United States that has a "natural perils" exclusion,
and the text of that exclusion serves, more or less, as a coverage grant for
the same insurer's e-commerce form sold in the United Kingdom/Europe.
Does the Business Interruption and Extra Expense Coverage
Extend to Contingent Risks? A common enhancement in traditional property
policies offering business interruption/extra expense is to obtain coverage
for "contingent" business interruption and "contingent" extra expense. Such
coverage applies when an insured suffers a business interruption or extra expense
loss because the insured's customer or supplier suffers a loss and cannot accept
the insured's goods (in the case of the customer) or provide the insured with
raw materials to create product (in the case of the supplier). A supplier or
customer could "go down" just as easily because of an e-commerce-related loss
as it could "go down" by fire, explosion, flood, or earthquake. Thus, it is
important to get contingent time element coverage into any first-party e-commerce
policy. However, only a handful of the policy forms in the market expressly
provide for such coverage.
Does the Definition of "Covered Property" Extend to
Trade Secrets and Other Confidential Information? The first-party coverage
wordings all use different terminology to address the issue of whether, and
to what extent, confidential information and trade secrets are covered. Some
of the policies expressly cover all forms of confidential information, including
trade secrets. Some policies expressly exclude trade secrets from being covered,
and allow only coverage for customer and client information when it comes to
confidential information. Not only is it important to try to get trade secrets
covered, but care also must be taken in reviewing the valuation provisions for
trade secrets to make sure that the coverage being offered is meaningful (you
likely want coverage for the lost income caused by the misappropriated trade
secrets, or the cost of research and development of the lost trade secrets,
whichever is greater).
Difference-in-Conditions/Difference-in-Limits Issues
If you are the risk manager of a large company and are buying one of these
new e-commerce insurance policies, you likely are buying it on a difference-in-conditions/difference-in-limits
("DIC/DIL") basis. The DIC/DIL concept is that the policy "sits behind" and
"sits on top of" all the other coverages in your program. If something falls
through the cracks or is underinsured, the DIC/DIL policy is there to protect
you (subject to the policy's terms and conditions, of course).
Although the concept sounds straightforward, DIC/DIL policies can be tricky.
For one, you need to make sure that the defense provisions in the DIC/DIL policy
are the same as the defense provisions in the underlying policies. Trouble can
result if an underlying policy gives the insured the absolute right to control
the defense of a claim, but the DIC/DIL policy gives the insurer that right.
The same problems can arise if the provisions are reversed—that is, the underlying
policy provides that the insurer has the right and duty to defend claims, whereas
the DIC/DIL policy provides that it is the duty of the insured to defend claims.
There are other issues to consider as well, but space limitations preclude a
further discussion of them.
The Need To Review E-Commerce Wording Offerings on a Global Basis
Perhaps more than any other insurance issue that has come before (except
maybe the Y2K issue), these e-commerce insurance issues must be analyzed on
a global basis. All multinational corporate insureds, regardless of where they
are headquartered, should be demanding the same breadth of coverage that other
multinationals based in other parts of the world are obtaining. The only way
to attempt to achieve that goal is to obtain and review the e-commerce insurance
wording offerings (both in the stand-alone market and by endorsement to traditional
policies) in the major insurance markets of the world.
Without doubt, e-commerce insurance wordings (both in stand-alone e-commerce
policies and endorsements to traditional policies) are developing differently
around the world. One large global insurer, for example, sells stand-alone e-commerce
insurance in the United States and the United Kingdom. What serves as an exclusion
in the U.S. policy offering of this insurer serves as an insuring agreement
in the U.K. policy. And this is just one example.
In sum, a multinational corporation, regardless of where it is headquartered,
can no longer afford to limit itself to a review of the insurance wordings,
and capacity, offered in the country in which it is headquartered. For any e-commerce
insurance issue it tries to address, it must conduct an international comparative
analysis of wordings available (both in stand-alone e-commerce policies and
in e-commerce endorsements to traditional policies), at least in the key marketplaces
of the world. And if the multinational company does not have the means to conduct
such an international comparative analysis, then it needs to "partner" with
an insurance professional, whether broker, consultant, or lawyer, who can advise
the company on such issues.
Concluding Thoughts
In the final analysis, professionals in the insurance industry, whether they
be risk managers, insurance brokers, underwriters, lawyers, or consultants,
should know and understand the coverage issues being addressed by the new stand-alone
e-commerce insurance policies (both the combined forms and the first-party-only
coverage forms). Such knowledge is needed for a number of reasons, including
knowing what issues to look for when (1) placing one of the new policies, and
(2) auditing an insurance program to determine what, if any, "tweaking" should
be done to it so that it more fully responds to e-commerce risks along the lines
of the new stand-alone e-commerce insurance policies.
The need to understand these issues on an international comparative level
cannot be overemphasized. As a risk manager (especially of large multinational
corporations), the only way to assure yourself that you are truly seeing what
the market really has to offer is to obtain and review e-commerce wordings offered
in the major insurance centers of the world. And, if you do not have the time
or resources to conduct such an analysis yourself, you should hire someone to
do it for you. It makes no sense for multinational corporate insureds who compete
with each other around the globe to have markedly different e-commerce insurance
coverage merely because they are headquartered in different parts of the world.
That potential scenario is antithetical to the concept of a global insurance
marketplace and should be avoided.
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author's employer or IRMI. Expert Commentary articles
and other IRMI Online content do not purport to provide legal, accounting, or other
professional advice or opinion. If such advice is needed, consult with your attorney,
accountant, or other qualified adviser.