July 19, 2024, by Kyle Langan

$5 million award for victim of perpetrator who abused teen girl co-workers at Wendys 

QUESTION

Which commercial insurance contract responds to this type of loss?

Failure #1: Thorough pre-hire background check

The lawsuit alleges that the company hired the perpetrator in October 2016, despite his previous convictions in Missouri of rape and first-degree sexual abuse cases. [1] These did not appear on Case.net, which provides access to the Missouri state courts’ automated case management system. Perhaps Missouri could make changes to make data like this more easily accessible for the public.

Wendy’s corporate media team said “the franchise owner is an independent business owner and thus is responsible for all employment functions.” While it may seem like a deflection, this response is inherently true. Wendy’s transferred this risk to the franchise owner. However, separately, and difficult to quantify, this loss could cause reputational damage for Wendy’s. As part of its response, it said “The Wendy’s Company takes the safety and well-being of our employees very seriously and we have a zero-tolerance policy for this type of behavior.” [2]

Failure #2: Response, investigation into the issue once presented with the facts

According to the lawsuit, the anonymous teen and her mother reported the inappropriate behavior to upper management, but they failed to investigate the issue. [3] The franchise owner should have terminated the perpetrator and banned him from the premises. Instead, the franchise failed again to mitigate and respond to severe employment-related claims. This part was likely the key contributing factor to the $5 million award.

ANSWER

The commercial insurance contract that responds to this type of loss is Employment Practices Liability Insurance (EPL or EPLI), which deals with wrongful termination and other employment-related wrongful acts, like discrimination and sexual harassment. It can address the increasing tendency of aggrieved parties to turn to courts for the settlement of disputes. Insurers exclude these types of losses from General Liability policies.

References

[1]–[3]

Rieck, D. (2024, July 12). Wendy’s, store manager to pay $5 million in sexual assault lawsuit filed by former Teen Worker. STLtoday.com.

<https://www.stltoday.com/news/local/crime-courts/wendys-store-manager-to-pay-5-million-in-sexual-assault-lawsuit-filed-by-former-teen/article_80750590-4057-11ef-8f09 07e18738e771.html#:~:text=ST.,her%20while%20she%20was%20working.>

Commercial decision makers may have seen ‘coverage highlights’ or vague, abstract views of assailant coverage. To dive deeper, what sort of actual policy language should a buyer of an Active Assailant Insurance Contract Expect?

Protection for Losses Arising From An Attack at Insured Location.

Perils covered, directly resulting from an Attack that occurs during the policy term at an Insured Location:

• Business Interruption, Extra Expense costs, resulting from the interruption of Your business at Your Property or an Insured Location(s) at which the Attack occurred.
• Legal Liability. Damages and Claim Expenses which the Insured shall become legally obligated to pay, as a result of and solely and directly arising from an Attack;
  • provided that, Claims Made and Reported conditions are met: such Attack takes place on or after the Policy inception date and before the expiration, such Claim is first made against the Insured during the Period of Insurance, and notice of such Claim is given to the Insured in accordance with the conditions laid out in the Policy’s claim requirements
• Direct physical loss of or physical damage to Contents and Property at the Insured Location at which the Attack occurred, including any physical damage caused by law enforcement or security forces responding to the Attack;
• Reasonable costs incurred to repair or rebuild Your Property, including costs to remove debris, demolition and/or professional services which include architects, surveyors and engineers, that have been damaged as a direct result of an Attack occurring during the period of the policy;
• Crisis Expenses (The following reasonable and necessary expenses incurred as a result of an Attack):
  1. Additional security measures: costs to arrange appropriate security guarding at the affected Insured Location or any other Insured Location, if necessary, but only for such costs incurred up to sixty days after the Attack.
  2. Counselling: costs to provide affected persons, physically present during the Attack, with psychiatric and counselling services and access to social workers, but only for such costs incurred up to twelve months after the Attack.
  3. Public relations and crisis communications: costs for public relations or crisis management consultants contracted by Us to assist You in responding to and managing the situation, including media management, remediation and recovery and the formation of applicable crisis communication strategies, but only for such costs incurred up to sixty days after the Attack

An Attack at any location within a five-mile radius of an Insured Location.

Indemnity for the following loss directly resulting from an Attack that occurs within a five mile radius of an Insured Location:

• Business Interruption and Extra Expense;
• Loss of attraction to an Insured Location as a direct consequence of an Attack;
• Prevention of access by civil or military authority;
  • Business Interruption sustained by the Insured due to a Prevention of Access to Your Property or an Insured Location by order of a civil or military authority, providing such order is a direct result of an Attack that occurs during the Period of Insurance and takes place within a five-mile radius of an Insured Location.
  • Crisis Expenses, as a direct consequence of a Prevention of access to Your Property or an Insured Location.
• Additional security measures being costs to arrange appropriate security guarding at the affected Insured Location or any other Insured Location, if necessary and subject to validation by the Response Consultant, but only for such costs incurred up to sixty days after the Attack;
• Loss of Rent being the anticipated gross rental income from tenant occupancy of Your Property; the amount of all charges which are the legal obligation of the tenants, which would otherwise be Your obligation; and the fair rental value of any portion of Your Property which is occupied by You or the amount you are obligated to pay under a tenancy agreement as the Leaseholder.

Personal Accident Benefit

The Insurer should provide a Personal Accident Benefit for Bodily Injury and/or death sustained by an Insured Person solely and directly from an Attack at least up to 180 consecutive days from the date of the Attack.

Response Consultant Expenses

Indemnity for costs incurred for Response Consultant Services directly in response to an Attack, Threat or Stalking Threat;

• Assessing the nature of the Attack or Threat or Stalking Threat and its potential impact on the safety of an Insured
  Person, Your products, business operations, Property, Electronic Property, and/or reputation;
• Mitigating the impact of an Attack, Threat or Stalking Threat on the safety of an Insured Person, Your products,
  business operations, Property, and/or reputation;
• Maintaining and/or resuming normal business operations during and/or immediately following a Threat or Stalking
  Threat.

Published April 24, 2024 by Kyle Langan

Are smaller companies targeted with attacks?

Have you seen attempts at Funds Transfer Fraud, through phishing? Sinister sources send these attempts out frequently, and may be experienced the most by small businesses [1]. Weaker security measures are targeted, which is why lower sized operations could find themselves susceptible. [2] However, large entities, like Change Healthcare, are also targeted: “Large Scale Cyberattacks Disrupt Essential Substance Use and Mental Health Services.”

How should an operation mitigate its cyber risk?

How can we help? The team at Conrey Insurance Brokers and Risk Managers specializes in risk transfer. This transfer offers protection for the recovery from tangible or intangible losses related to a security breach or similar event arising from digital risks. [3] Cyber insurance allows companies to resume normal business operations faster, minimizing the cost of recovery. [4] Although we are not technology experts, we can also assist with the mitigation of cyber risk and tech errors and omissions, as we are paid by the insurer to help you.

Ranked by expected severity

Cyber events could be categorized into the following sub-domains. [5] These all should follow a mitigation strategy:

Ransomware

Composite

Funds Transfer Fraud

Data Breach

Loss estimates (less than $25 MM Total Revenue):

“Data is from multiple sources, including Coalition’s own global data. Actual numbers may vary significantly from calculator estimates based on additional factors for a given business. The data provided is for informational and educational purposes only.”

References

[1, 2]

Rahmonbek, K. (2024, February 1). 35 alarming small business cybersecurity statistics for 2024. StrongDM. https://www.strongdm.com/blog/small-business-cyber-security-statistics

[3, 4, 5]

Cyber Insurance: Active Insurance & Cybersecurity. Coalition. (n.d.). https://www.coalitioninc.com/

Challenges From Rising Yields

Higher yields could impact the cash flows of nonprofits that depend on loans or credit lines; because the cost of financing in the U.S. remains the highest since 2008, expense reduction becomes even more vital for nonprofits. [1]

Talent Competition, Shortage

“74.6% of respondents report job vacancies,” so the frequency of nonprofit job vacancy remains.” [2] By comparison, only 33% of private businesses had job vacancies at any time between August 2021 and September 2022, according to U.S. Department of Labor data.” [3]

The severity of the vacancy has pulled back since the 2021 survey reading of 76%, yet 33.8% of the responding nonprofits with vacancies reported 20% or more of their jobs were going unfilled. [4] Nearly another third 32.7% identified vacancy rates of between 10% and 19%. [5]

The root cause lies in the challenge to provide “competitive salaries and benefits, then “they may lose employees and candidates to higher-paying jobs in the for-profit sector.” [6]

Goal: Minimize Costs, Survival and Success

An intelligent insurance broker may have the capability to reduce operational expenses through data analytics, risk management, and insurance.

References

[1]–[6]

2023 Nonprofit Workforce Survey Results. Communities Suffer as the Nonprofit Workforce Shortage Crisis Continues (April, 2023). https://www.councilofnonprofits.org/files/media/documents/2023/2023-nonprofit-workforce-survey-results.pdf

Edited February 6th, 2024 (Originally created November, 2019, by Kyle Langan)

Case: Elon Musk and Tesla vs. SEC

In August 2018, “Musk tweeted that he had funding secured for a plan to take Tesla private [traded publicly since 2010]. It turned out that was not entirely true — something the SEC objected to, given that Musk was the CEO and chair of a publicly traded company” (Marshall). The agency sued, and penalties included “$20 million fines for both Musk and Tesla, Musk stepping down as chairperson for at least three years (though would remain CEO), and Tesla would have its lawyers ‘pre-approve’ any of its execs’ written communications ‘that contain, or reasonably could contain, information material to the company or its shareholders’” (Marshall). The sanctions uncover unique risks for public companies that require well thought-out loss control and prevention techniques in order to limit exposure to these risks. Although Musk is a genius, he failed one of his primary duties and gravely overlooked the possible repercussions of his statements as a director and officer of Tesla. His failure resulted from inadequate risk management for the loss exposures in the actions and words of an officer at a large public company.

Shannon Tornoe says the “primary duty in the responsibility of managing a company is to always act within the best interest of the company and accurately represent key financials.” Musk’s duty is to protect his company as an officer; showcasing a loud virtual mouth on social media is within the scope of this duty and he is solely responsible for being aware of avoiding this. In addition, Musk faced harsh backlash from the public and numerous lawsuits from investors. The vital takeaway from Musk’s mistakes is the high level of risk when insuring actions of Directors and Officers (D&O). Despite the need to protect against severe litigation, coverage for D&O can easily be overlooked by risk management teams in large public companies because they are not correctly evaluating loss exposures. Executives represent their companies to the public at all times because stocks fluctuate based on what they say. The SEC enforces high control and oversight over publicly traded companies. As a result of this regulation, they can be sued over anything; high risk exposures exist if companies lack cautious and proactive loss control systems with liability policies. D&O exposure is a dynamic risk with the ever-changing landscape of technology, social media and news outlets. Investors in public companies “make decisions based on what key executives say and that information can be shared as quickly as a tweet” (Tornoe). News spreads rapidly and can sometimes be shared in a negative light. To offset this, risk management departments, or the representing brokers must complete proper research of exposures the company may face and practice adequate loss control techniques. Tornoe thinks “Musk failed in his legal duties when [a director/officer] joins the board of a company. Duty of loyalty and duty of care are significant.” Musk did not act within the best interest of Tesla nor did he accurately represent financials. Tesla had loss control measures in place with D&O coverage policies paying for penalties as a result, but proactive loss prevention programs teaching risks of not maintaining accuracy or acting within the best interest of Tesla would have aided their officers significantly. Tornoe also says “accuracy is key. Twitter and other public social media platforms are not casual backyard barbeque talk; if directors and officers are not clear on this fact, they are misunderstanding the responsibility of their roles.” The risks of having everything executives do and say under watch could be a reason a company chooses not to go public. Tornoe’s CCIB policies have proactive loss control/prevention measures in place such as quiet periods for 48 hours until earnings releases (directors and officers have to watch what they say about financials) in order to limit and control the risks of losses.

Case: Quintus, Unify, and Legato vs. SEC

Tornoe’s extensive knowledge of D&O coverage also recalls a 2002 SEC case that brought financial fraud charges against executives at three publicly traded northern California Software Companies: Quintus, Unify, and Legato (n.d.SEC). Some officers were arrested and charged with crimes for materially misrepresenting their companies; bankruptcies and massive lawsuits followed. D&O liability coverages in place defended officers, but proven guilt for any crimes would cease coverage and officers would be uninsured (Severability is key: coverage ends if the officers are proven in court to be crooks. This clause separates the good people from the bad). Many individuals claimed they were owed money, but the policy wording made clear that the company’s insurance for D&O payed settlements to individuals first and the company second. Insurance was vital because it was covering expensive defense cases; this makes the importance of policy wording extremely clear. In the case of disasters, policies need to adapt to pay out settlements in the best way possible. Order of payments in any policy is vital but it is another exposure overlooked by directors and officers in many companies.

Case: Boeing 737 Max jetliner crashes

10.29.18: Lion Air flight crash kills 189 people after takeoff in Indonesia, 3.10.19: Ethiopian Airlines Flight 302 crash kills 157 people shortly after takeoff in Addis Ababa (Chicago Tribune).

Lastly, Tornoe cited catastrophes caused by Boeing crashes and struggles with automatic safety systems pushing planes’ noses down during the 2018 development of 737 models. Two different planes nosedived and killed all on board in both crashes. Lots of controversy ensued over whether or not the officers of Boeing knew anything or not. Lawsuits and scrutiny followed these catastrophes as they always do (ultimately CEO Dennis Muilenburg lost chairman post on 10.14.19) and many questions were asked: Did the CEO know there were clear defects in the aircrafts? How or why did he keep selling the planes? It shows extreme ignorance if he didn’t know and it would be a failure of his primary duty. His head was deservingly on a platter for the public; it is his duty to know better. This case demonstrates the need for key executives to improve and inculcate loss exposure management proactively and intensely. Boeing’s problems resulted from a loose culture that did not put nearly enough stress into managing potential catastrophes.

Interview with Joseph Brennan

For a close look onto the reverse side of Directors and Officers, Joseph Brennan, can provide valuable insight. Mr. Brennan is the Global Chief Risk Officer at Vanguard. “He is responsible for the firm’s current enterprise risk management organization in addition to all facets of enterprise security and investment risk management” (n.d.V). He has been in this role for over a year now, and he is an officer on Vanguard’s Board of Directors. Brennan says this is a position “where your decisions get scrutinized, and risks come with every decision. However, value doesn’t come without taking risk. We cannot manage everything because of so many moving parts, but we are still ultimately responsible.” Large public companies need a culture that will get them almost all the way there. Brennan believes the best method of control over these exposures is great ethics and an enforced culture that limits risky behavior. These exposures occur more often in looser cultures, so that is why ethics should be at the front of directors’ and officers’ minds. Sound operation and compliance with tight procedures also prove critical. Tesla, Quintus, and Boeing – here are your solutions! Set the tone by doing the right thing, then a lower frequency and severity of losses will follow. Litigious people in our world love hunting big targets; therefore, it makes sense to have viable coverage in a role like Brennan’s. He’s dealt with nothing internally at Vanguard, but he’s seen many different companies use D&O coverage all the time.

Beyond enforcing a stable culture, Brennan utilizes lots of different types of coverage to combat strategic risk, fraud, cyber risk and various more that he manages for his team of 850 employees. His coverage financing ranges from Vanguard’s reserves, insurers underwriting Vanguard, self-insurance, to captives with associations such as Investment Company Institute. This diverse set of insurance methods displays Brennan’s ability to adequately assess risks proactively and with a purpose. Although many directors and officers in public companies do in fact overlook the risks they face, Mr. Brennan is a perfect example of an officer taking the necessary steps to manage the often-underestimated loss exposures of a large organization.

Conclusion:

Do directors and officers of public companies face too much pressure or scrutiny? Mr. Brennan asserted that “the rules are pretty clear. The SEC has made them very clear actually… we are no longer in the 1970s or 80s, so we can look up what can and can’t be done.” When disaster strikes, it is meaningless whether key executives were oblivious to exposures or did know of exposures and didn’t care to act. The result will be undesirable both ways because they either didn’t know what was happening or neglected it; this causes damaged parties to pursue litigation. Brennan stated “it’s not a pressure. It’s pretty easy for [Vanguard] officers to deal with the things happening. These exposures usually stem from ignorance or poor choice.” Brennan is obviously not one of the officers in a public company ignoring the importance of proper exposure control for public companies, but he still acknowledges the dangerous level of risk that comes with high-profile key executives.

Works Cited

Chicago Tribune. (2019, October 14). Timeline: Boeing 737 Max jetliner crashes and aftermath. Retrieved

November 14, 2019, from https://www.chicagotribune.com/business/ct-biz-viz-boeing-737-max-crash-timeline-04022019-story.html.

Marshall, A. (2019, March 19). SEC: Elon Musk Fully Ignored a Key Term of Settlement. Retrieved

November 14, 2019, from https://www.wired.com/story/elon-musk-tesla-sec-lawsuit-twitter-court-filing/.

(n.d.SEC). Retrieved from https://www.sec.gov/news/press/2002-71.htm.

(n.d.V). Retrieved from https://institutional.vanguard.com/web/c1/our-experts/.

Contacts:

Shannon Tornoe – Coast to Coast Insurance Brokers (Owner)

• stornoe@ccibinsurance.com
• 680.6377

Joseph Brennan – Vanguard (Global CRO)

• Jpbrennan1555@gmail.com
• 220.1289