LAUW’s Glenn Dawson talks about the challenges in the management liability market and what separates some products from the rest
Management liability insurance represents crucial protection for Australian businesses. It’s essential coverage that helps to ensure that an organisation has the ongoing ability to run as it should when defending employment practices liability [EPL] claims, when it becomes the unwitting victim of crime perpetrated by an employee, or when facing steep financial penalties for breaches of legislation.
While directors & officers coverage is obviously imperative for large listed entities, management liability coverage offers crucial protection to businesses of all shapes and sizes. In fact, when it comes to smaller organisations, the kinds of events covered by a management liability policy can represent a far shorter path to financial ruin for a small business than for larger operations.
Glenn Dawson, portfolio manager for management liability at London Australia Underwriting, provides a snapshot of the current state of the market.
“From an underwriter’s perspective, the most significant aspect of the management liability market currently is that it is undergoing a correction similar to that of the directors & officers insurance market,” Dawson says. “Across many industry types, the minimum premiums and deductibles that are currently on offer have increased from recent historic levels … [and] underwriting guidelines/appetites are becoming more restrictive.”
In its #Optima2017 report published last October, Finity Consulting reported signs of material hardening in the management liability space, noting rate increases of between 10% and 20%. But despite that hardening, Finity also projected that another 25% rise in premiums would be necessary for those writing these risks to meet target profitability.
On the claims side, Finity reported an escalation in EPL claims, affording employers vital protection against claims made by employees for alleged discrimination, unfair dismissal, and sexual and workplace harassment. In its 2016–17 annual report, The Fair Work Commission reported that 14,135 unfair dismissal applications were lodged during the year. The commission anticipated that figure would remain steady in 2017–18.
Dawson says the major challenge for underwriters oering management liability cover in Australia at the moment is “trying to avoid attritional losses in a marketplace that has been highly competitive for a number of years, with insureds having enjoyed broad levels of coverage with comparatively low premium levels attached”.
Horizon scanning
On the subject of emerging claims trends in the management liability space, Dawson mentions one of the global insurance industry’s hottest topics: cyber.
“The major emerging trend that we have seen is the increasing frequency of cyber-related attacks leading to losses under management liability crime cover,” Dawson explains.
According to EY’s 2017–18 Global Information Security Survey, some estimates say the global cost of cybersecurity breaches will reach US$6trn (A$7.7trn), which is double the total for 2015.
And while cunning hackers can wreak havoc by breaking into companies’ systems, vulnerabilities in those systems aren’t the only weakness cyber criminals are exploiting. Dawson highlights the frequency of incidents in which social engineering techniques are employed by external third parties against organisations in order to trick employees into handing over valuable information and/ or money. Training and educating employees to be alert to these kinds of techniques is vital.
“We believe that more small business owners and managers need to recognise that planning for and protecting against these types of incidents is required for businesses of all sizes – not just those at the larger end of the spectrum,” Dawson says.
Cyber is especially topical in Australia right now as a result of the Notifiable Data Breaches [NDB] scheme (under Part IIIC of the Privacy Act 1988), which commenced on 22 February. The scheme requires all organisations to which it applies (which includes Australian government agencies, as well as businesses and not-for-profit organisations with an annual turnover of $3m or more) to notify affected individuals, as well as the Australian Information Commissioner, of a data breach that is likely to result in serious harm.
One of the major intentions of the scheme is to force greater transparency around the volume and severity of data breach incidents in Australia – failure to comply can result in fi nes of up to $420,000 for individuals and $2.1m for corporations.
In the short time since the scheme was enacted in law, the privacy commissioner has reportedly received notification of 31 breaches. The lingering question is what consequences those who comply with the scheme – and those who don’t – will ultimately face. And what level of exposure will the NDB scheme represent for management liability insurers?
“It remains to be seen what, if any, regulatory action is taken against companies and their management in response to notified – and also un-notified – data breaches,” Dawson says. “Affirmative policy language, specifi c coverage sub-limits or policy exclusions relating to the NDB scheme – under fines & penalties cover or statutory liability cover, for example – could be introduced by insurers moving forward.”
Defining differences
As to businesses’ level of understanding and appreciation of management liability risks, Dawson says the recent market correction is perhaps indicative that the coverage has generally been unappreciated.
“In recent years, the product has almost become commoditised,” he says, “with some in the market viewing all management liability policies as identical [and] price being the only differentiator.”
So, what is it that separates the best management liability policies in today’s market from the rest?
“As opposed to the insuring clauses and extensions on offer, I believe that it’s often the standard exclusions contained in a management liability wording that make a signifi cant difference to the level of cover afforded to an insured,” Dawson says.
He adds that brokers should take the time to understand how an insurer’s management liability product may or may not respond to common claim types.
“The type and number of standard exclusions that apply to management liability policies in the Australian market varies greatly between insurers,” Dawson says. “Some brokers aren’t aware of the differences as they apply to their clients, leading to issues at claim time.”
He says because of the commoditisation of the product, resulting from circumstances such as the use of online portals and specifically agreed pricing/facilities/schemes between insurers and broking houses, some brokers don’t take the time required to thoroughly read the standard exclusions applicable and understand how those may apply to an individual insured.
“The lowest price does not necessarily equate to the most appropriate level of cover for a particular insured,” Dawson says. “For example, some insurers apply a blanket insolvency exclusion to all policies as standard practice, whilst others only endorse this exclusion onto a policy as and when required. The same can be said of various types of major shareholder exclusions.
“Given that, historically speaking, the two types of claims that represent the most significant directors & officers/management liability insured losses are insolvency/ administration claims and shareholder-brought claims, a lack of understanding of these points can have material ramifications for both brokers and their insureds.”
Preventative measures
Dawson offers advice on what insureds – and their brokers – can do to mitigate management liability risks.
“Dependent on the size and resources of an entity, obtaining advice from external consultants can be a highly cost-effective way to assist a company with mitigating its exposure by educating its management and employees on both traditional and emerging risks,” he says.
“To use the NDB scheme as an example, this is a complex and still developing area. Yet, many clients are unaware that the NDB scheme applies to their business and that it is compulsory, meaning that they will be wholly unprepared if or when they have a notifiable data breach. A third-party consultant would easily be able to assist a client in this scenario.”