This article discusses some of the issues to consider when reviewing e-commerce
policies offering coverage for the following "first-party" risks:
natural peril property damage, employee dishonesty, third-party crime/malicious
conduct, extortion, computer programming error, and business interruption/extra
expense.
This is part of an ongoing series on e-commerce issues. Other articles
include:
This chart lists examples of stand-alone e-commerce insurance policies. Some
of the listed forms cover both first-party losses and third-party liability
claims. Some of the forms cover only one or the other of these two types of
risks. And with regard to first-party risks, some of the forms cover only the
insured's direct loss, while some also cover the insured's liability to
others for loss (e.g., employee theft, third-party theft). Accordingly, the
description of coverages is for general information only, and the actual
coverage provided by each listed policy is subject to the terms and conditions
of that policy.
With respect to the contact information provided, in most cases it directs
you to a general home page of a website. Since it can be frustrating to try to
obtain information about products from websites, often the quickest way to get
information and/or policy wording is by contacting an insurance broker (who
works in this area) and/or the insurer itself to ask for a copy of the policy
(preferably an electronic copy).
Any insurer listed below that believes that its product has been
characterized incorrectly, please direct comments to Michael Rossi. Any such
incorrect characterization is not intentional and will be corrected if we are
advised of the error. Any insurer who is not listed below that sells
stand-alone e-commerce insurance and who wants to be listed in the chart,
please send contact information and a copy of your policy form to Michael
Rossi, whose address and other biographical information can be accessed by
clicking on his name above. Also see the Insurance Law Group website at
www.inslawgroup.com.
In the previous installment to this column, we examined the state of the
market in the United States for stand-alone e-commerce insurance policies
offering third-party "liability insurance" coverage. This article
gives a broad overview of the issues that a corporate insured should consider
if it is going to use one or more of the new stand-alone e-commerce insurance
policies to insure "first-party" e-commerce risks.
Using the terms "liability" e-commerce insurance and
"first-party" e-commerce insurance is a bit of a misnomer. Employee
dishonesty and third-party malicious conduct exposures have liability risks
associated with them. And coverage for the insured's liability arising from
employee dishonesty and third-party malicious conduct can be provided by crime
policies. The same is true with respect to the risk of liability to others for
lost or damaged property in the insured's care, custody, or control. To
varying degrees, such liability can be covered under commercial property
policies.
In any event, this article discusses some of the issues to consider when
reviewing e-commerce policies offering coverage for one or more of the
following "first-party" risks: natural peril property damage,
employee dishonesty, third-party crime/malicious conduct, extortion, computer
programming error, and business interruption/extra expense.
It is written in the context of the author's experience working with
multinational corporate insureds based in the United States and the United
Kingdom that are trying to address their e-commerce insurance needs. But the
message being delivered here is intended for insurance professionals located
throughout the world, because in recent projects, it appears that e-commerce
insurance wordings are developing differently in different parts of the world.
Perhaps more than for any other subject in the past (except maybe for Y2K
issues), e-commerce insurance issues must be examined at the international
comparative level. Henceforth, this column will endeavor to do just that.
State of the Market for Stand-Alone First-Party E-Commerce Insurance
Policies
This chart lists examples of stand-alone e-commerce insurance policies. Some
of the listed forms cover both first-party losses and third-party liability
claims. Some of the forms cover only one or the other of these two types of
risks. And with regard to first-party risks, some of the forms cover only the
insured's direct loss, while some also cover the insured's liability to
others for loss (e.g., employee theft, third-party theft). Accordingly, the
description of coverages is for general information only, and the actual
coverage provided by each listed policy is subject to the terms and conditions
of that policy.
With respect to the contact information provided, in most cases it directs
you to a general home page of a website. Since it can be frustrating to try to
obtain information about products from websites, often the quickest way to get
information and/or policy wording is by contacting an insurance broker (who
works in this area) and/or the insurer itself to ask for a copy of the policy
(preferably an electronic copy).
Any insurer listed below that believes that its product has been
characterized incorrectly, please direct comments to Michael Rossi. Any such
incorrect characterization is not intentional and will be corrected if we are
advised of the error. Any insurer who is not listed below that sells
stand-alone e-commerce insurance and who wants to be listed in the chart,
please send contact information and a copy of your policy form to Michael
Rossi, whose address and other biographical information can be accessed by
clicking on his name above. Also see the Insurance Law Group website at
www.inslawgroup.com.
There are several different ways to buy stand-alone e-commerce insurance.
That is because the market is divided into endless variations.
Some of the new forms provide coverage only for professional services
liability and media errors and omissions liability. Some new forms provide
coverage only for employee dishonesty and third-party malicious conduct, such
as crime and extortion (both for loss of property, money, securities, etc., as
well as for business interruption and extra expense). But within that market
there are several different variations, the difference being what amount, if
any, of liability coverage is offered for indemnity and defense, because of
theft of or dissemination of data, information, etc., of others, for which the
insured is liable.
Some of the new forms provide coverage for not only employee dishonesty and
third-party malicious conduct, but also for loss caused by natural perils, as
well as by a computer programming negligent act, error, or omission by the
insured's employee or independent contractor. However, many of the forms
exclude both of these perils.
Finally, some of the new forms combine one or more of the foregoing
coverages into a program that provides both liability and first-party
coverage.
Capacity
As far as capacity goes, some insurers are offering only minimal capacity
(e.g., $2 or $3 million in limits). One can discern right away that these
insurers are looking to insure only smaller companies. Some insurers are
offering greater capacity, but the limits seen to date really are not
meaningful for many large companies (many companies are looking to maintain the
same limits that are maintained in the other policies in their programs—e.g.,
hundreds of millions, if not billions, of dollars for the very large
companies—but capacity appears to be in the low tens of millions of
dollars).
One insurer to watch, however, is FM Global. That insurer had intended to
"launch" e-commerce wordings for its property and crime coverages in
December 2000. It is rumored that such offerings will not be new
"stand-alone" products, but rather will be endorsements to FM
Global's current policy forms. However, the "launch" date got
pushed back first to January 2001, then to February 2001, and as of the time of
this article's publication, the launch date is set for April 1, 2001 (and
who really can say when, if ever, FM Global will launch its promised
wordings?).
This chart lists examples of stand-alone e-commerce insurance policies. Some
of the listed forms cover both first-party losses and third-party liability
claims. Some of the forms cover only one or the other of these two types of
risks. And with regard to first-party risks, some of the forms cover only the
insured's direct loss, while some also cover the insured's liability to
others for loss (e.g., employee theft, third-party theft). Accordingly, the
description of coverages is for general information only, and the actual
coverage provided by each listed policy is subject to the terms and conditions
of that policy.
With respect to the contact information provided, in most cases it directs
you to a general home page of a website. Since it can be frustrating to try to
obtain information about products from websites, often the quickest way to get
information and/or policy wording is by contacting an insurance broker (who
works in this area) and/or the insurer itself to ask for a copy of the policy
(preferably an electronic copy).
Any insurer listed below that believes that its product has been
characterized incorrectly, please direct comments to Michael Rossi. Any such
incorrect characterization is not intentional and will be corrected if we are
advised of the error. Any insurer who is not listed below that sells
stand-alone e-commerce insurance and who wants to be listed in the chart,
please send contact information and a copy of your policy form to Michael
Rossi, whose address and other biographical information can be accessed by
clicking on his name above. Also see the Insurance Law Group website at
www.inslawgroup.com.
Reviewing Quotes of Stand-Alone E-Commerce Insurance for First-Party
Risks
There are myriad issues to consider when reviewing a quote for stand-alone
e-commerce insurance. Space limitations prohibit a complete discussion. The
list of issues discussed in this article is illustrative, rather than
exhaustive.
Do the Employee Dishonesty/Crime Coverages Extend to the
Insured's Liability to Others? It is important to review the
employee dishonesty and third-party malicious conduct sections of the policy.
It is important to get coverage not only for your company's direct loss,
but also for your company's legal liability to others arising from employee
dishonesty and third-party malicious conduct. Also, ensure that defense costs
are included in such coverage. Finally, please note that some of the e-commerce
forms distinguish between the type of liability cover they offer. Some limit
the cover to liability to others for the value of the property that
was lost/stolen. Others, however, extend the cover to liability to others if
the lost/stolen property was used by the perpetrator of the crime in a way that
causes damages to the other persons.
The "classic" e-commerce example given by most commentators is
theft of credit card numbers or other information about an insured's
customers and use of those numbers and other information to the financial
injury of such customers. Another example given is theft of information about
children who have come to a website, or whose parents have entered data about
the children on a website, and a perpetrator getting a hold of the information
and somehow harming a child (whether emotionally or physically).
Does the Policy Cover Computer Programming Errors? This is
a very "hot" issue in the United States as well as the United
Kingdom. Many e-commerce forms expressly exclude coverage for errors in
computer programming. Some of the forms expressly cover the risk, but only for
property loss (excluding business interruption and extra expense loss). Some of
the forms cover the risk only for third-party contractor errors, but not for
employee errors. And only one or two of the forms provide both property and
business interruption/extra expense coverage for this risk, regardless of
whether an employee or third-party contractor caused the loss.
Does the Policy Cover "Natural Perils"?
Interestingly, most policies offered in the United States expressly exclude
natural peril losses and limit coverage to losses caused by employee dishonesty
or third-party malicious conduct. However, it seems that many policies offered
in the United Kingdom expressly provide coverage for natural peril losses.
Indeed, one global insurer sells an e-commerce form in the United States that
has a "natural perils" exclusion, and the text of that exclusion
serves, more or less, as a coverage grant for the same insurer's e-commerce
form sold in the United Kingdom/Europe.
Does the Business Interruption and Extra Expense Coverage Extend to
Contingent Risks? A common enhancement in traditional property
policies offering business interruption/extra expense is to obtain coverage for
"contingent" business interruption and "contingent" extra
expense. Such coverage applies when an insured suffers a business interruption
or extra expense loss because the insured's customer or supplier suffers a
loss and cannot accept the insured's goods (in the case of the customer) or
provide the insured with raw materials to create product (in the case of the
supplier). A supplier or customer could "go down" just as easily
because of an e-commerce-related loss as it could "go down" by fire,
explosion, flood, or earthquake. Thus, it is important to get contingent time
element coverage into any first-party e-commerce policy. However, only a
handful of the policy forms in the market expressly provide for such
coverage.
Does the Definition of "Covered Property" Extend to Trade
Secrets and Other Confidential Information? The first-party coverage
wordings all use different terminology to address the issue of whether, and to
what extent, confidential information and trade secrets are covered. Some of
the policies expressly cover all forms of confidential information, including
trade secrets. Some policies expressly exclude trade secrets from being
covered, and allow only coverage for customer and client information when it
comes to confidential information. Not only is it important to try to get trade
secrets covered, but care also must be taken in reviewing the valuation
provisions for trade secrets to make sure that the coverage being offered is
meaningful (you likely want coverage for the lost income caused by the
misappropriated trade secrets, or the cost of research and development of the
lost trade secrets, whichever is greater).
Difference-in-Conditions/Difference-in-Limits Issues
If you are the risk manager of a large company and are buying one of these
new e-commerce insurance policies, you likely are buying it on a
difference-in-conditions/difference-in-limits ("DIC/DIL") basis. The
DIC/DIL concept is that the policy "sits behind" and "sits on
top of" all the other coverages in your program. If something falls
through the cracks or is underinsured, the DIC/DIL policy is there to protect
you (subject to the policy's terms and conditions, of course).
Although the concept sounds straightforward, DIC/DIL policies can be tricky.
For one, you need to make sure that the defense provisions in the DIC/DIL
policy are the same as the defense provisions in the underlying policies.
Trouble can result if an underlying policy gives the insured the absolute right
to control the defense of a claim, but the DIC/DIL policy gives the insurer
that right. The same problems can arise if the provisions are reversed—that is,
the underlying policy provides that the insurer has the right and duty to
defend claims, whereas the DIC/DIL policy provides that it is the duty of the
insured to defend claims. There are other issues to consider as well, but space
limitations preclude a further discussion of them.
The Need To Review E-Commerce Wording Offerings on a Global Basis
Perhaps more than any other insurance issue that has come before (except
maybe the Y2K issue), these e-commerce insurance issues must be analyzed on a
global basis. All multinational corporate insureds, regardless of where they
are headquartered, should be demanding the same breadth of coverage that other
multinationals based in other parts of the world are obtaining. The only way to
attempt to achieve that goal is to obtain and review the e-commerce insurance
wording offerings (both in the stand-alone market and by endorsement to
traditional policies) in the major insurance markets of the world.
Without doubt, e-commerce insurance wordings (both in stand-alone e-commerce
policies and endorsements to traditional policies) are developing differently
around the world. One large global insurer, for example, sells stand-alone
e-commerce insurance in the United States and the United Kingdom. What serves
as an exclusion in the US policy offering of this insurer serves as an insuring
agreement in the UK policy. And this is just one example.
In sum, a multinational corporation, regardless of where it is
headquartered, can no longer afford to limit itself to a review of the
insurance wordings, and capacity, offered in the country in which it is
headquartered. For any e-commerce insurance issue it tries to address, it must
conduct an international comparative analysis of wordings available (both in
stand-alone e-commerce policies and in e-commerce endorsements to traditional
policies), at least in the key marketplaces of the world. And if the
multinational company does not have the means to conduct such an international
comparative analysis, then it needs to "partner" with an insurance
professional, whether broker, consultant, or lawyer, who can advise the company
on such issues.
Concluding Thoughts
In the final analysis, professionals in the insurance industry, whether they
be risk managers, insurance brokers, underwriters, lawyers, or consultants,
should know and understand the coverage issues being addressed by the new
stand-alone e-commerce insurance policies (both the combined forms and the
first-party-only coverage forms). Such knowledge is needed for a number of
reasons, including knowing what issues to look for when (1) placing one of the
new policies, and (2) auditing an insurance program to determine what, if any,
"tweaking" should be done to it so that it more fully responds to
e-commerce risks along the lines of the new stand-alone e-commerce insurance
policies.
The need to understand these issues on an international comparative level
cannot be overemphasized. As a risk manager (especially of large multinational
corporations), the only way to assure yourself that you are truly seeing what
the market really has to offer is to obtain and review e-commerce wordings
offered in the major insurance centers of the world. And, if you do not have
the time or resources to conduct such an analysis yourself, you should hire
someone to do it for you. It makes no sense for multinational corporate
insureds who compete with each other around the globe to have markedly
different e-commerce insurance coverage merely because they are headquartered
in different parts of the world. That potential scenario is antithetical to the
concept of a global insurance marketplace and should be avoided.