Business leaders make decidions each day on a range of issues including things like hiring, firing, compensation, promotions and the work environment. Every one of these decisions impacts your employees and, depending on the outcome, could result in a claim related to wrongful employment practices.
These claims can disrupt business, hurt morale, damage your reputation and lead to serious financial damages. Thankfully, employment practicies liability (EPL) insurance can provide organizations with protection from the above risks. Specifically, EPL insurance provides the following to policyholders.
Coverage for alleged acts.
EPL insurance not only protects organization from actual wrongful acts, but alleged acts as well. Specifically, EPL coverage can safeguard an organization from claims related to discrimination, harassment, retaliation and wrongful termination.
Timely responses to lawsuits.
Employees suing their employers is common, and orginzations will want to be prepared. This is especially important when you consider that there is no cap on how much a jury can award and that settlements in employment-related cases can easily reach six-figures.
Access to legal help.
Strong EPL policies provide the insured with access to legal resouces. This can prove invaluable if you need advice quickly.
Risk management strategies.
While employment-related lawsuits can arise at any time, organizations that take the time to implement basic risk controls are better equipped to avoid claims altogether. Many insurance companies provide access to risk management training and human resources consulting. These services can greatly reduce the likelihood that your company is sued by an employee.
Additional protection for your directors and officers.
While directors and officers (D&O) insurance can defend against employment-related lawsuits, dedicated EPL insurance is necessary for many orginzations.Having a policy that provides separate coverage for lawsuits connected to wrongful terminations, discrimination, invasion of privacy and similar employent claims ensures that the limits on your D&O policy aren’t exhuasted unnecessarily.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber liability insurance policies are tailored to meet your company’s specific needs and can offer a number of important benefits, including the following:
Data breach coverage.
In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
Business interruption loss reimbursement.
A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
Cyber extortion defense.
Ransomware and similar malicious software are designed to steal and withhold key data from organization until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup loses related to cyber extortion.
Following a cyber attack, your organization will have to investigate to determine the extent of the breach and what led to it. The right policy can reimburse the insured for costs related to forensics and seeking out expert advice. Additionally, some policies can provide 24/7 support from cyber specialists, which is especially useful following a hack or data breach.
In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly, Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
Coverage beyond a general liability policy.
General liability policies don’t always protect organizations from losses related to data breaches. What’s more, data is generally worth far more than physical assets, and it’s important to have the right protection in place when you need it most. Supplementing your insurance with cyber coverage can provide you with peace of mind that, in even of an attack, your organization’s financial and reputational well-being is protected.
To learn more about cyber liability insurance, contact us today.
On Oct. 31, 2017, the Internal Revenue Service (IRS) issued Notice 2017-67 to provide comprehensive guidance on a variety of topics regarding qualified small employer health reimbursement arrangements (QSEHRAs). Small employers that do not maintain group health plans may establish QSEHRAs for their employees, effective for plan years beginning on or after Jan. 1, 2017. Unlike other health accounts, QSEHRAs can be used to reimburse employees for their health insurance premiums.
Notice 2017-67 clarifies the technical rules for QSEHRAs, including the requirements that employees provide proof of minimum essential coverage (MEC) and that employers provide a written notice to eligible employees each year.
Small employers with QSEHRAs should confirm that their QSEHRAs comply with this new guidance. Notice 2017-62 applies to plan years beginning on or after Nov. 20, 2017. In addition, employers may need to provide their initial written notice by Feb. 19, 2018.
Beginning Jan. 1, 2017, employers that are not applicable large employers under the Affordable Care Act and do not maintain group health plans may sponsor QSEHRAs to pay for employees’ individual health insurance policies and other out-of-pocket medical expenses on a tax-favored basis. To qualify as a QSEHRA, the reimbursement arrangement must meet the following criteria:
- The QSEHRA must be funded solely by the employer. Employees cannot make their own salary reduction contributions.
- QSEHRA payments or reimbursements must be limited to medical care expenses incurred by the employee or the employee’s family members, after the employee provides proof of coverage.
- The maximum amount of payments and reimbursements from the QSEHRA for any year cannot exceed $4,950 (or $10,000 for QSEHRAs that also reimburse medical expenses of the employee’s family members). These amounts are adjusted annually for inflation. For 2018, the total amount of payments and reimbursements from a QSEHRA cannot exceed $5,050 ($10,250 for family coverage).
- The QSEHRA must be provided on the same terms to all eligible employees.
IRS Guidance on QSEHRAs – Notice 2017-67
Notice 2017-67 provides detailed guidance on a wide range of topics for QSEHRAs, including the criteria for QSEHRAs, the tax consequences of the arrangement, the impact on eligibility for health savings account (HSA) contributions and the written notice requirement.
The guidance applies for plan years beginning on or after Nov. 20, 2017, although QSEHRAs established before that date may rely on this guidance. Also, employers that established QSEHRAs for 2017 in accordance with a reasonable good faith interpretation of the law may continue to operate their QSEHRAs based on those terms until the last day of the plan year that began in 2017.
An employer funding a QSEHRA for any year must provide a written notice to each eligible employee at least 90 days before the beginning of each year. For employees who become eligible to participate in the QSEHRA during the year, the notice must be provided by the date on which the employee becomes eligible to participate. If an employer fails to provide this notice for a reason other than reasonable cause, the employer may be subject to a penalty of $50 per employee for each failure, up to a maximum annual penalty of $2,500 for all notice failures during the year. On Feb. 27, 2017, the IRS delayed the initial notice deadline pending its issuance of further guidance.
Notice 2017-67 provides a new deadline for the initial QSEHRA notice, as well as sample language that employers may use.
Initial Notice Deadline – An eligible employer that provides a QSEHRA during 2017 or 2018 must provide the initial written notice to eligible employees by the later of (1) Feb. 19, 2018, or (2) 90 days before the first day of the QSEHRA’s plan year. According to the IRS, penalties may apply to any employer that does not timely provide the written notice.
Same Terms Requirement
Notice 2017-67 explains what it means for a QSEHRA to be provided on the same terms to all eligible employees. For example, to satisfy this requirement:
- The QSEHRA must be operated on a uniform and consistent basis for all eligible employees;
- Eligible employees cannot be allowed to waive coverage; and
- If an employer is part of a controlled group or affiliated service group (as determined under Internal Revenue Code Section 414), each employer in the group must provide a QSEHRA to all eligible employees on the same terms.
In addition, Notice 2017-67 confirms that a QSEHRA may be designed to limit reimbursements to certain medical expenses (for example, health insurance premiums or cost-sharing expenses that are medical expenses). However, a QSEHRA will fail to satisfy the same terms requirement if, under the facts and circumstances, the plan’s reimbursement limit causes the QSEHRA not to be effectively available to all eligible employees. This may occur, for example, if a QSEHRA limits reimbursements to Medicare or Medicare supplement policies.
Maximum Benefit and Reimbursements
QSEHRAs may use the statutory dollar limits in effect for the preceding year to determine permitted benefits, rather than the dollar limits in effect for the current year. IRS Notice 2017-67 also confirms that any carryovers of unused amounts from a prior plan year are taken into account when determining an employee’s maximum annual benefit. An employee’s total permitted benefit, taking into account both carry-over amounts and newly available amounts, may not exceed the applicable statutory dollar limit.
In addition, a QSEHRA may reimburse premiums for coverage under the group health plan of a spouse’s employer. However, the reimbursement is taxable to the extent that the spouse’s share of premiums was paid on a pre-tax basis.
Proof of Coverage
Before a QSEHRA can reimburse an expense for any plan year, the eligible employee must first provide proof that he or she had MEC for the month during which the expense was incurred. This proof must consist of either:
- A document from a third party (for example, the insurer) showing that the employee had coverage (for example, an insurance card or explanation of benefits) and an attestation by the employee that the coverage was MEC; or
- An attestation by the employee stating that the employee had MEC, the date the coverage began and the name of the coverage provider.
- Notice 2017-67 includes model attestation language that employers may use. The initial proof of MEC must be provided with respect to each individual whose expenses are eligible for reimbursement before the first expense reimbursement. Following the initial proof, the employee must attest with each new request for reimbursement during the plan year that the employee and the individual whose expenses are being reimbursed (if different) continue to have MEC. This attestation can be part of the form for requesting reimbursement.
Employers that sponsor QSEHRAs must report the amount of payments and reimbursements that an eligible employee is entitled to receive from the QSEHRA for the calendar year in box 12 of the employee’s Form W-2 using code FF, without regard to the payments or reimbursements actually received. Notice 2017-67 provides detailed rules for this reporting.
In addition, Notice 2017-67 confirms that an employer providing a QSEHRA is not required to provide IRS Forms 1095-B (Section 6056 statements) to covered employees. However, a QSEHRA is subject to the Patient-Centered Outcomes Research Institute (PCORI) fee, which applies for plan years ending before Oct. 1, 2019.
Employers that sponsor QSEHRAs may contribute to employees’ HSAs and may allow employees to make pre-tax HSA contributions through a Section 125 plan.
Notice 2017-67 also addresses how QSEHRA coverage impacts an individual’s eligibility for HSA contributions. To be HSA-eligible, an individual must be covered by a high deductible health plan (HDHP) and not be covered by other health coverage that provides benefits below the HDHP minimum deductible. According to the IRS, if the QSEHRA only reimburses health insurance premiums, it will not cause an individual to be ineligible for HSA contributions. However, individuals who are covered by QSEHRAs that reimburse any medical expenses, including cost sharing, are not eligible for HSA contributions.
When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. What’s more, cyber exposures impact businesses of all kinds, regardless of their size, area of focus, or status as a private or public entity.
In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.
To help oversee their organization’s cyber risk management, boards should ask the following questions:
Does the organization utilize technology to prevent data breaches?
Every company must have robust cyber security tools and anti-virus systems in place. These systems act as a first line of defense for detecting and preventing potentially debilitating breaches.
While it may sound obvious, many organizations fail to take cyber threats seriously and implement even the simplest protections. Boards can help highlight the importance of cyber security, ensuring that basic, preventive measures are in place.
These preventive measures must be reviewed on a regular basis, as cyber threats can evolve quickly. Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are up to date and effective.
Has the board or the company’s management team identified a senior member to be responsible for organizational cyber security preparedness?
Organizations that fail to create cyber-specific leadership roles could end up paying more for a data breach than organizations that do. This is because, in the event of a cyber incident, a fast response and clear guidance is needed to contain a breach and limit damages.
When establishing a chief information security officer or similar cyber leadership role, boards need to be involved in the process. Cyber leaders should have a good mix of technical and business experience. This individual should also be able to explain cyber risks and mitigation tactics at a high level so they are easy to understand for those who are not well-versed in technical terminology.
It should be noted that hiring a chief information security officer or creating a new cyber leadership role is not practical for every organization. In these instances, organizations should identify a qualified, in-house team member and roll cyber security responsibilities into their current job requirements. At a minimum, boards need to ensure that their company has a go-to resource for managing cyber security.
Does the organization have a comprehensive cyber security program? Does it include specific policies and procedures?
It is essential for companies to create comprehensive data privacy and cyber security programs. These programs help organizations build a framework for detecting threats, remain informed on emerging risks and establish a cyber response plan.
Corporate boards should ensure that cyber security programs align with industry standards. These programs should be audited on a regular basis to ensure effectiveness and internal compliance.
Does the organization have a breach response plan in place?
Even the most secure organizations can be impacted by a data breach. What’s more, it can often take days or even months for a company to notice its data has been compromised.
While cyber security programs help secure an organization’s digital assets, breach response plans provide clear steps for companies to follow when a cyber event occurs. Breach response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damage.
Board members should ensure that crisis management and breach response plans are documented. Specific actions noted in breach response plans should also be rehearsed through simulations and team interactions to evaluate effectiveness.
In addition, response plans should clearly identify key individuals and their responsibilities. This ensures that there is no confusion in the event of a breach and your organization’s response plan runs as smoothly as possible.
Has the organization discussed and formalized a cyber risk budget? How engaged is the board in terms of providing guidance related to cyber exposures?
Both overpaying and underpaying for cyber security services can negatively affect an organization. Creating a budget based on informed decisions and research helps companies invest in the right tools.
Boards can help oversee investments and ensure that they are directed toward baseline security controls that address common threats. Boards, with guidance from the chief security officer or a similar cyber leader, should also prioritize funding. That way, an organization’s most vulnerable and important assets are protected.
Has the management team provided adequate employee training to ensure sensitive data is handled correctly?
While employees can be a company’s greatest asset, they also represent one of their biggest cyber liabilities. This is because hackers commonly exploit employees through spear phishing and similar scams. When this happens, employees can unknowingly give criminals access to their employer’s entire system.
In order to ensure data security, organizations must provide thorough employee training. Boards can help oversee this process and instruct management to make training programs meaningful and based on more than just written policies.
In addition, boards should see to it that education programs are properly designed and foster a culture of cyber security awareness.
Has management taken the appropriate steps to reduce cyber risks when working with third parties?
Working alongside third-party vendors is common for many businesses. However, whenever an organization entrusts its data to an outside source, there’s a chance that it could be compromised.
Boards can help ensure that vendors and other partners are aware of their organization’s cyber security expectations. Boards should work with the company’s management team to draw up a standard third-party agreement that identifies how the vendor will protect sensitive data, whether or not the vendor will subcontract any services and how it intends to inform the organization if data is compromised.
Does the organization have a system in place for staying current on cyber trends, news, and federal, state, industry and international data security regulations?
Cyber-related legislation can change with little warning, often having a sprawling impact on the way organizations do business. If organizations do not keep up with federal, state, industry and international data security regulations, they could face serious fines or other penalties.
Boards should ensure that the chief information security officer or similar leader is aware of his or her role in upholding cyber compliance. In addition, boards should ensure that there is a system in place for identifying, evaluating and implementing compliance-related legislation.
Additionally, boards should constantly seek opportunities to bring expert perspectives into boardroom discussions. Often, authorities from government, law enforcement and cyber security agencies can provide invaluable advice. Building a relationship with these types of entities can help organizations evaluate their cyber strengths, weaknesses and critical needs.
Has the organization conducted a thorough risk assessment? Has the organization purchased or considered purchasing cyber liability insurance?
Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.
The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. As such, boards, alongside the company’s management team, need to conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.
Asking thoughtful questions can help boards better understand the strategies management uses to prevent, detect and respond to data breaches. When it comes to cyber threats, organizations need to be diligent and thorough in their risk prevention tactics, and boards can help move the cyber conversation in the right direction.
Cyber exposures impact organizations from top to bottom, and all team members play a role in maintaining a secure environment. However, managing personnel and technology can be a challenge, particularly for organizations that don’t know where to start.
That’s where Scurich Insurance can help. Contact us today to learn more about cyber risk mitigation strategies you can implement today to secure your business.
Serving alcohol is a common practice for restaurants, bars, catering companies, entertainment venues and similar establishments. While providing a wide array of beverage options is important, serving alcohol in particular can create a variety of risks for business owners.
For instance, if a patron of your business becomes intoxicated and injures a third party or causes property damage, you could be held liable for the damages. In order to protect your business from serious financial and reputational losses, it’s important to consider purchasing liquor liability insurance.
What is Liquor Liability?
The term liquor liability refers to an organization’s legal and financial responsibility for the actions of individuals who consume alcohol at their establishment. Under liquor liability laws, a business can be found liable for both the bodily injury and property damage caused by a person they improperly served alcohol to.
What is Liquor Liability Insurance?
Liquor liability insurance is designed to protect any business that sells or serves alcoholic beverages. Specifically, this type of insurance covers damages that result from things like fights, careless behavior or automobile accidents caused by individuals who have consumed alcohol.
Liquor liability is important, as it protects you should your clients or patrons sue your business for damages related to their intoxication—something a general liability policy won’t cover.
Most businesses carry a general liability policy, which covers claims against your business for bodily injury, property damage or personal injury. While these policies often include host liquor liability coverage, they only provide protection related to the incidental service of alcohol. While host liquor liability may protect you if you are simply serving alcohol at a company party, it does not offer the coverage you need if you sell alcohol as part of your business.
What’s more, the majority of states require establishments that serve, sell or assist in the purchase of alcohol to carry liquor liability insurance. As such, it’s important to know what to look for in a policy.
What Should My Policy Account For?
When it comes to protecting your business from any kind of liability, it’s critical that you account for common risks. In order to secure the right level of coverage, keep in mind the following policy enhancements when shopping for liquor liability insurance:
Assault and battery coverage.
When alcohol is involved, fights are a common risk. However, many liquor liability policies exclude coverage for assault and battery. Therefore, it’s important to ensure you account for this protection when building your policy. It should be noted that assault and battery coverage can also be extended to include specific incidents such as sexual assault, stabbings and shootings.
Legal fees from liquor-related claims can easily exceed tens of thousands of dollars. Be sure that your policy accounts for defense costs outside of the policy limit. Otherwise, legal expenses could quickly exhaust your policy limit, leaving little to no insurance to pay for any damages.
Even if you forbid your employees to drink on the job, there’s a chance that they may disregard your instruction. Look for a policy that will cover your employees as patrons to better protect your business from liquor-related incidents.
In the event of a lawsuit, claimants may allege they were injured in nonphysical ways. In these instances, patrons could sue you for stress, mental anguish or psychological injury. Ensure that your policy accounts for these types of injuries.
It should be noted that liquor liability insurance won’t cover claims that arise from the sale of alcohol to minors or similar illegal transactions. Be sure your employees are instructed to verify patrons are of legal drinking age.
What Determines Pricing?
The underwriting process for liquor liability insurance can differ depending on the type of business you conduct. In general, the following four factors determine the rating and pricing of coverage:
Type of venue. When examining a business’s risk, underwriters look to identify the primary purpose of a venue. If you own a restaurant, the primary purpose of your venue is to serve food, so you are generally considered to have less risk than a nightclub or tavern.
Location of the venue.
Liquor laws can vary drastically depending on the jurisdiction. Each state has its own scoring system based on the nature of local dram shop laws. Dram shop laws impose certain liability standards on area venues that serve alcohol. Because the strictness of these laws may change from location to location, where you operate your business can have a major impact on how your liquor liability insurance is priced.
Percentage of liquor sales.
As a general rule, the more alcohol sales you make, the higher your premiums will be. This factor tends to have more of an impact on pricing than venue type, as a restaurant that has a high percentage of alcohol sales may be priced similar to a bar.
Individual traits of the risk. There are a number of miscellaneous variables underwriters will take into consideration when pricing out policies, including the following:
- Types of entertainment offered
- Experience level of management
- Formal loss control measures
- Security measures and procedures for dealing with intoxicated patrons
Serve Your Patrons Responsibly
When serving liquor, the best way to protect your business from potential claims is through proper risk management and liquor liability insurance. These policies can be complex, and it’s important to discuss the nature of your operations with a qualified insurance broker. Contact Scurich Insurance today to learn more.
Contractors, no matter what industry they work in, face environmental risks stemming from operations on a daily basis. For most contractors, a single pollution incident or loss can seriously damage their reputation, operations and even their balance sheet. Making matters worse, pollution incidents can be sudden or occur gradually over time.
While many contractors assume that environmental claims will be covered under their commercial general liability (CGL) policy, the unfortunate reality is that most CGLs contain pollution exclusions that leave contractors uninsured in the event of a pollution incident.
Thankfully, contractors are increasingly turning to contractors pollution liability (CPL) insurance to ensure they have the right coverage in place to remain secure and profitable.
CPL Coverage Basics
CPL policies provide contractor-based insurance for third-party coverage for bodily injury, property damage, defense, and cleanup as a result of sudden and gradual pollution incidents arising from contracting operations performed by or on behalf of the contractor. CPL insurance is intended to provide coverage to all types of contracting operations, including contractors who are involved in building construction and environmental firms that remediate polluted sites.
CPL policies are offered on either a claims-made or occurrence basis. What’s more, CPL policies are nonstandard, meaning each policy is different and can be modified to cover the various needs of the contractor purchasing the policy. Policies can be offered on a project or blanket program basis.
In some instances, CPL policies can also be used to cover losses from civil fines, penalties and punitive damages.
Covered Pollution Incidents
Contractors should keep in mind that CPL insurance policies differ in regard to the types of pollution incidents that are covered. Two important considerations when evaluating CPL insurance policies are:
- Whether or not the policy will respond to gradual releases of pollutants, as opposed to sudden and accidental releases
- The types of substances that are considered “pollutants” under the terms of the policy
Generally, policies that cover both gradual and sudden releases of pollutants provide contractors with a broader scope of coverage. In addition, policies that provide a broad definition of pollutants are considered superior to those that contain a narrow definition. Accordingly, it is important that contractors work with their broker to find a CPL policy that is tailored to their needs.
CGL Pollution Exclusions
A primary reason why contractors obtain a CPL policy is due to the various pollution exclusions contained in most CGL policies. The pollution exclusions found in most CGL policies take one of two forms, either “absolute” or “total.”
CGL policies with an absolute pollution exclusion remove coverage for most pollution events that would occur in the course of an insured’s business operations. However, despite its name, an absolute pollution exclusion may preserve coverage for certain incidental pollution damages, products and completed operations liability, and certain off-premises work.
However, more commonly, CGL policies include a more restrictive “total pollution exclusion.” This type of exclusion effectively removes coverage for any event the insurer characterizes as a pollution incident.
Contractual requirements serve as another motivating factor that lead many contractors to obtain a CPL policy. In many instances, project owners and general contractors will require contractors to obtain pollution insurance that meets certain, predetermined standards.
From this perspective, having a CPL insurance policy in place can serve as an upfront sales tool during the bidding process that enables contractors to qualify for opportunities when such coverage is required.
Finding the Right Policy
Regardless of specialty, all contractors should be mindful of the pollution risks associated with their work. A CPL insurance policy can provide much-needed security in the event of a pollution incident, even in the most unlikely of circumstances.
Let Scurich Insurance work with your organization to find the CPL coverage that is right for you.