As a highly nuanced and complex product, bank insurance can deliver unexpected surprises at the time of a claim.
To minimize unpleasant surprises—and mitigate risks—banks must thoroughly understand their insurance policies, advises Adriaan Schieferdecker, managing director, Insurable Risk Management, Bank of America. “No insurance policy covers everything. Banks must do the work required to analyze exposure, and, if coverage is lacking, determine other methods to mitigate that risk.” Take the case of extra expense coverage for natural calamities: Most carriers have regional exclusions for coverage, such as widespread power outages, Schieferdecker explains, so banks will need to understand what their actual exposure may be.
Even Financial Institution Bond policies, which have been in the marketplace for decades, can trip up bankers. Wire-transfer coverage within FIB policies typically includes a provision requiring that banks make call backs before initiating transfers over a stated amount. Bankers are sometimes unaware of the provision or jeopardize their coverage by not always following their own procedures for call backs, explains Ron Summerville, managing director at Roncar Advisors.
Regulations—a moving target
It’s not just the actual insurance policies that cause challenges for banks, but the changing regulatory environment as well. This past December, the Federal Housing Finance Agency announced that Fannie Mae and Freddie Mac had overhauled mortgage insurance master policy requirements. Another potential regulatory hurdle is the Dec. 31, 2014 expiration of the federal terrorism risk insurance program (TRIA). Without the backstop of TRIA, insurers in populated areas will likely limit their terrorism risk exposures, which will increase premium costs for banks.
Regulatory ambiguity is another challenge. The FDIC recently issued an advisory statement that attempts to clarify the agency’s position that banks may not purchase an insurance policy that would indemnify institution-affiliated parties for civil money penalties (CMPs) assessed against them, leaving many banks unsure whether or not to drop CMP coverage.
For now, banks should sit tight, advises Mike Read, national marketing and sales manager, ABA Insurance Services. “We are comfortable stating that the defense costs related to a CMP are covered under the base D&O contract. That allays a lot of bank concern,” notes Read.
D&O gets more attention
Directors and Officers Liability Policies (D&O for short), designed to protect personal assets against losses from wrongful acts, is a bread-and-butter policy that didn’t attract much attention—until the financial crisis. Since then, banks are rightfully paying attention to D&O and more closely assessing how their coverage aligns with their overall risk profile, says Read.
“It’s clear today that bank directors and officers need to be very aware of what their coverage is,” says Kristin Roger, chief underwriting officer for the Financial Institutions Group at Travelers Insurance. “In particular, independent directors should have an understanding of how their policy responds in the event of nonindemifiable claims,” which expose their personal assets to loss.
Christopher Taylor, head of financial institutions for Zurich North America, likens D&O insurance to cars. All cars have four tires and a steering wheel, but to say that all cars are the same is wildly inaccurate. Banks may assume that all D&O policies are the same, when indeed it is the subtle differences in policies that are the most important at the time of a claim.
Banks need to carefully evaluate their D&O coverage since the policies can be extremely complicated and include entity coverage, employment practices, and fiduciary liability. “Bankers think that D&O covers everything,” says Roncar Advisors’ Summerville. “But there are lots of endorsements to broaden the coverage that may make sense for banks to purchase,” he adds. “Banks have to understand exclusions and their exposure, and then share that information with their board.”
Bank of America’s Schieferdecker tends to favor broad coverage, but notes that banks still need to understand their exposure so they can make more informed coverage decisions. Perhaps it makes sense to purchase less broad coverage and pay less. But banks need to do an exposure and risk analysis to make that decision.
In the D&O marketplace, as elsewhere, regulatory concern is driving much of the activity, says Raymond DeCarlo, vice-president, Berkley Professional Liability. To lower premiums, some banks are moving to a blended coverage that includes D&O and Errors & Omissions, but DeCarlo feels that can be a mistake. “Banks need to evaluate cost savings versus the likelihood of an E&O claim, since blended policies can erode the limits of the bank’s D&O coverage,” he points out.
The carrier and broker marketplace
Historically, writing bank insurance policies, such as professional liability insurance and FIB, was a profitable business for carriers. But regulatory changes and increased D&O claims coming out of the financial crisis have made insurance underwriters increasingly concerned about profitability, according to William Goett, managing partner and financial institutions practice leader at Integro, a business insurance broker.
To manage profitability, carriers are leaning on banks to take a bigger role in reducing losses and claims. “For carriers, it’s imperative that banks demonstrate that their business practices are operating within an acceptable regulatory framework and that there are internal checks and balances to monitor business activities,” explains Goett.
As a result of less-profitable policies, traditional insurance carriers are beginning to raise premiums and analyze the total limits on their portfolio, says DeCarlo. Michael O’Connell, managing director for Aon Risk Solutions Financial Services Practice, agrees that carriers are becoming increasingly concerned about their overall aggregation exposure and are thus reducing overall limits or coverage.
However, even with squeezed profits, long-time carriers remain in the banking arena, and only a few have cut back on some of their capacity, according to Goett. And competition is fierce as new market entrants with impressive underwriting talent, such as Berkshire Hathaway, are jumping in to write bank-specific policies.
Other new entrants, including offshore carriers, took advantage of D&O market disruption from the financial crisis, says Zurich’s Taylor, though he cautions banks to be wary of carriers without a demonstrated commitment to the banking industry.
There is very little recent M&A activity in the large carrier market, notes Bill Jennings, an underwriter in Beazley’s management liability area. He notes that broker consolidation will likely continue, although that is not necessarily good news for banks. “Less choice diminishes creativity and restricts the options bankers have. The industry is healthiest when we have more players,” says Jennings.
Cyber insurance: more (or less) than meets the eye
Most banks opt for cybersecurity and privacy policies. According to the 2013 ABA Bank Insurance Survey Report, 81% of banks surveyed carry cyber insurance. As for the remaining 19% without coverage? “I guess if you’re not using computers, there is no need for cyber insurance,” jokes Jennings.
Cyber insurance is the coverage area with the most change, says ABAIA’s Read, and there is still much ambiguity in policies. In the cyber world, it’s truly buyer beware. Says Jennings, “Cyber insurance goes beyond the words on the page. It’s critical that banks work with an insurer that will handle a breach properly and expertly. A data breach is more complex than a fire. You need someone that will help your bank through the entire process.”
The cost of cyber insurance has been rising, with much of the price increase attributed to bank growth as well as higher premium prices. Only 12.5% of banks (rising to 35% of banks with between $1 billion and $10 billion in assets) attribute price increases to broadening or adding coverage, according to ABA’s bank insurance survey.
Banks must decide whether to purchase first-party coverage for direct losses to the bank, due to business interruption and destruction of data and property, or purchase third-party coverage for losses that the bank causes to its customers or others, or both. Whichever way they go, they should keep in mind the huge expense a bank with a large customer base can incur just to notify customers of a potential data breach, according to Goett. Aon’s O’Connell adds that banks should understand the cyber policy’s prior acts coverage as well.
A separate cyber insurance policy is a wise move, says Goett. “Some institutions may attempt to broaden existing policies to include cyber coverage, but dedicated policies offer a broader array of protection.”
All cyber policies are not created equal, according to Read. Banks need to make sure that their policies are structured specifically to the products and services that they offer. For example, Read explains, a bank that generates income from its cyber activities should consider a broad cyber policy that includes business interruption or income coverage.
While cyberfraud is a growing problem, it does provide banks with an opportunity to differentiate themselves and add value to their customer relationships, notes Travelers’ Kristin Roger. With identity theft in particular, she says, the purchase of ID theft reimbursement insurance allows banks to offer an additional service to customers.
The hidden extras
Extra-expense coverage for additional costs, such as setting up a branch in a temporary location due to a branch closure, is not difficult to find, says Zurich’s Taylor, but it’s tricky for banks to estimate the amount of extra-expense coverage needed. He gives an example of a bank that incurred the unexpected (and uncovered) extra expense of busing customers from a temporarily closed branch to a branch miles away.
Roncar Advisors’ Summerville concurs that calculating the amount of extra-expense insurance a bank needs is difficult. A bank with ten branches may decide to use total income divided by ten as the benchmark for determining coverage, but it’s likely that the main branch should be insured for more than a small, in-store branch, he says.
It’s preferable to include extra-expense coverage within the overall blanket limit of property coverage, rather than worry about the adequacy of coverage, says Goett. However, he adds, since that benefit isn’t always available, the coverage is often sub-limited.
Insurance: just one way to mitigate risk
The biggest mistake banks make, say several of the experts we spoke with, is that they lean on insurance to mitigate all risk. “The best banks run their business as if insurance doesn’t exist,” contends Taylor. “Insurance cannot be the driving force for risk.” For example, in regard to social media coverage, banks first need to establish practices and protocols to guide their activities in this area.
Bank of America’s Schieferdecker agrees. “Insurance is most useful when you understand your total risk exposure and don’t rely only on insurance to cover that risk. You can’t just buy it and forget it, and you can’t be complacent about your risk and your insurance coverage.”
Adds Kristin Roger, “What banks pay out in deductibles and uncovered losses is something to think about as they contemplate their overall risk.”
Schieferdecker recommends explaining the bank’s risk exposure to carriers. “Working closely with insurers will pay off in better performance and coverage,” he says.
Of interest to risk managers and insurance officers:
• 2013 ABA Bank Insurance Survey Report: The report includes more than 69 tables and summarizes banks’ insurance coverage by asset size. Learn more/purchase report
• ABA-endorsed solution: ABA Insurance Services: Endorsed by the American Bankers Association and 28 state bankers associations, ABA Insurance Services provides a full suite of D&O, bond, and property and casualty insurance. Learn more