Grateful for the opportunity to help kick-off Portland’s IMA Chapter’s CPE dinners for the upcoming year. The event is being held at the Portland Golf Club on Tuesday, September 17. Chris will be sharing stories and tips on ways Preventive Law can help the members’ businesses and clients. We hope to see you there!
“Step four! I can give you more.”
- Joey McIntyre, NKOTB
The Ballad of Cory Rupshin (A Law School Exam Hypothetical)
Conundrum, Inc., is a growing medical device company. Conundrum sold a product called the Compli-X, which had radically innovated products currently in the market to be more broadly accessible and cost-effective than its predecessors.
The Compli-X had been garnering attention and accolades across the U.S. medical community and showed no signs of slowing down. In fact, this product had done so well that Conundrum owned most of the U.S. market share for this particular type of device, and Conundrum believed there could be an international market as well.
Conundrum’s Vice President of Sales, Cory Rupshin, had solid physician customer contacts in India, China and Brazil. An avid golfer, he rented out major golf resorts in each country for “spare no expense” extravaganzas to lure these physicians to begin using Compli-X . . . “the ol’ wine and dine, on company dime” as Cory often bragged about his expensive boondoggles.
Around the same time, Accelerate Corp. had brought a product to market that was viewed as a substantial competitor to the Compli-X, particularly since it cost about 25% less. Accelerate was successfully rolling out its product in California when it appeared on Cory’s radar.
Understanding the imminent threat, Cory directed that all Compli-X product in California be sold below cost to slow Accelerate’s momentum and force it out of the market. Cory hoped this maneuver would also send a message to future competitors that Conundrum did not mess around.
Content with himself, Cory sat back down at his desk and smiled. The celebration was short-lived, however, as he received an e-mail from one of Conundrum’s customers in Florida that she had been experiencing failures with the Compli-X, resulting in patient surgeries. Then another message from a physician in New Jersey. And another . . . then another!
All told, the same issue with the Compli-X had resulted in over 50 patients needing surgical intervention. Cory quickly went downstairs and paid a visit to Angie Neer, Conundrum’s R&D specialist. After some additional testing, Angie discovered some structural instabilities in the Compli-X, warning of even more problems in the future.
Cory sat down, looked at the financials, and saw how much money the Compli-X was making for Conundrum. “No need to pull this product over a few failures,” he mumbled to himself. “Probably the doctors’ fault anyway, and we can withstand a few lawsuits.” After all, he had completed one year of law school before dropping out, further convincing Conundrum’s CEO, Hedi Inna-Sand, that he could moonlight as the company’s general counsel (“Why spend $250,000 a year on hiring a lawyer when I went to law school?” he would not-so-gently remind her.)
Sure enough, those lawsuits did come, along with several requests that Conundrum produce e-mails and records relating to its handling of the Compli-X problems. Conundrum did not store electronic records in the cloud, and the back-up tapes they used were cleared and rotated every 30 days. “Good luck getting those e-mails,” Cory chuckled to himself.
Constance Ethyks, Conundrum’s Director of Sales who reported directly to Cory, had become increasingly uneasy about his actions related to the Compli-X. She finally summoned the strength to walk into his office and voice her concerns.
Cory smiled, gold tooth twinkling, and gently warned Constance, “Do you have any idea how much business I bring in for this company? I’ll fire you in a heartbeat if you say anything negative about me. Like I’m going to be taken down by some snotty little girl. Ha!”
Shortly after a dejected Constance walked out of his office, Cory received a call from Ms. Inna-Sand, asking him to come to her office to discuss a letter she had just received from reception. “What is it?” Cory blurted. “Well Cory, it looks like a subpoena from the Department of Justice involving our Compli-X sales in India, China and Brazil.”
Back to Life, Back to Reality
Law school students regularly enjoy fact patterns like these during exam week. Spot all the issues, recite the relevant laws for each, apply the facts to those laws, provide your conclusions . . . and then pray the professor agrees with you. Fun, no? It’s one of the bloodless lobotomizing techniques we lawyers undergo during our three-year committal.
Now, most scenarios within your business will hopefully not be as blatant or pervasive as Cory’s actions. However, there are many legal and regulatory exposures potentially facing your company, necessitating some level of formal compliance. This is where a seasoned Preventive Lawyer can step in and provide immediate value.
In the case of Conundrum, for example, at least some of the following compliance policies would have been helpful had they been put in place (before everything started hitting the fan):
Anti-Corruption Policy, helping Cory understand that providing expensive gifts to physicians in India, China and Brazil to secure Compli-X business may actually have constituted bribing foreign government officials;
Antitrust Policy, to combat Cory’s illegal use of predatory pricing strategies to eliminate competition from Accelerate;
Adverse Event/Incident Reporting Policy as well as Corrective & Preventive Action Policy, to ensure issues with the Compli-X were appropriately reported to the FDA and that those issues were further corrected in the market, including a voluntary recall if necessary;
Document Retention Policy, to ensure documents responsive to litigation proceedings were not inadvertently (and unlawfully) destroyed in the normal course; and
Employment Policy with robust Anti-Harassment, Anti-Discrimination & Anti-Bullying as well as whistle-blower language, explicitly prohibiting Cory’s behavior toward Constance and further encouraging Constance to come forward with information related to Cory’s illegal practices.
Go-getter law students seeking bonus points might additionally list the following as examples of how Conundrum could further minimize compliance exposure:
Advertising and Marketing Approval Policy, to ensure Compli-X promotional materials and product labeling contain appropriate language;
Workplace Safety Policy, to provide a safe and productive work environment for all employees on the manufacturing floor throughout the making of Compli-X;
Insurance Claim Reporting Policy, ensuring timely and appropriate notification and shepherding of potential insurance claims involving Compli-X failures (and Cory’s inappropriate interactions with Constance) directly with the carrier;
Cybersecurity Policy, to minimize Conundrum’s legal and business exposure to cyber events (e.g., denial of service, data breach), particularly since it stored numerous confidential documents that could be accessed.
Of course, your company may not be a medical device manufacturer, and I’m certain it doesn’t make products similar to the Compli-X (which is a completely made-up product). However, there are likely numerous laws and regulations governing your specific industry and value chain.
Long story short, it is important to understand the relevant legal and regulatory landscape surrounding your business, and then develop written compliance policies to minimize your company’s exposure to that potentially rocky terrain.
I Think of All the Education That I Missed . . .
Keep in mind it’s not enough to just develop these written policies. Equally important is training company personnel regularly on these policies in order to individually convey specific requirements, updates and best practices. This means developing training modules and tracking attendance and performance.
Being proactive in compliance education has the additional benefit of generating buy-in, further establishing managerial accountability for potentially non-compliant activities of subordinates. All of this contributes to a culture of compliance, where legal and regulatory exposures are incorporated into day-to-day business decision-making.
And when an investigation or lawsuit invariably commences, you can confidently demonstrate to that investigating body:
Our company has written policies governing such infractions;
We regularly educate our managers on these policies; and
We have a culture of compliance with the laws and regulations governing our industry.
It should go without saying this can and does minimize exposure to worst-case outcomes.
As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at identifying enterprise-wide compliance issues relevant to your business, developing relevant written policies, educating key stakeholders to generate buy-in, and then implementing and training personnel on these policies.
KEEFER is your ounce of prevention. Contact us to learn more.
“Step three! It’s just you and me.”
- Jordan Knight, NKOTB
Let’s say your company is growing to the point where you are considering acquiring a competitor or expanding operations to a new region. First and foremost, I’d like to congratulate you on this huge success! And to ensure it remains a success, please be proactive and conduct adequate due diligence prior to closing these transactions.
So what exactly is due diligence? Simply put, it’s an in-depth review, analysis and evaluation of the target business or real estate deal to make sure there are no red flags that could come back to bite you. In other words, it’s like looking under the hood of the car to make sure you’re not buying a lemon (or worse, something that could blow up on the road).
Make a List, Check it Twice
When starting the due diligence process, it is wise to start with a checklist of items to request from the other side. For example, in the event you are merging with or acquiring another business, your initial list should generally include some form of the following subjects:
There will be many subparts to each of the above subjects, with specific documents and follow-up items requested depending on the type and complexity of the transaction.
As responsive information and documents start rolling in, you can decide whether you have enough information to satisfy concerns related to a particular subject . . . or you can request supplemental information and documents and start chasing rabbits down holes in the event potential red flags emerge.
This Could Happen to You!
The due diligence process should not be taken lightly, as failure to uncover and address landmines within your target can be problematic. Consider the following potential scenarios involving your prospective acquisition target:
It has a shareholder who owns a significant percentage of the company, but is conspicuously absent in company minutes, consents and resolutions involving key decisions.
It has operations in several states, but has failed to appropriately register to do business in half of them.
It has recently received a demand letter from a lawyer with regard to a potential class action involving a product defect.
It has received several letters from local and state environmental agencies with regard to overflow of hazardous waste into a nearby river.
It has a significant union presence, and the local union has filed several recent unfair labor practice charges against the company.
It sells products primarily through direct-to-consumer channels but has not implemented appropriate cybersecurity measures, including procuring cyber insurance.
Its land and equipment are largely tied up by third-party lenders, with additional judgment liens filed in the local recorder’s office.
It has a long-standing relationship with an overseas factory that is notorious for harsh employee conditions.
These are just a small number of issues that could be uncovered during the due diligence process, but you’ll likely want to learn more about them before deciding whether to proceed with closing. Having a robust checklist up front, and then following up with additional requests based on findings can ensure no stones are left unturned.
Seasoned Preventive Lawyers are skilled in navigating the due diligence process. In the event potential red flags are uncovered, Preventive Lawyers can help you understand and assess the risk of exposure and then discuss legal and business strategies to minimize this exposure, including whether or not to ultimately proceed with closing.
Open Your Eyes, Look Within
Due diligence is not only necessary in business mergers, acquisitions or real estate settings, but it can also provide the framework to maintaining ongoing business health. Consider the preventive medicine analogy, where your business undergoes an annual physical to assess health and treat areas of potential “disease.” The physician will perform a “review of systems,” including assessing cardiovascular, pulmonary, neurological, gastrointestinal and musculoskeletal systems, among many other things (cue latex gloves!).
Conducting regular business self-exams utilizing an abridged diligence methodology—or a “review of business systems”—can identify current business health as well as targeted opportunities for improvement before potential exposures start to multiply. For example, a business physical might include:
Review of existing business entities to ensure alignment with tax strategies and opportunities, as well as mitigation of legal and business risks;
Review of business formalities conducted during the year to ensure legal compliance as well as accurate and appropriate business story-telling through minutes, consents and resolutions;
Review of existing and prospective geographical presence to ensure appropriate state-based registrations;
Review of existing and prospective license, permit and regulatory registration requirements to ensure ongoing compliance;
Review of contract practices to ensure proactive negotiation and development practices are being followed, and that business counterparts are compliant with quality and safety standards, insurance levels or other contractual requirements;
Review of business continuity practices to ensure there is not over-reliance on a key supplier or vendor that could result in a business interruption;
Review of legal, regulatory and contractual compliance programs to ensure appropriate training and documentation is taking place;
Review of insurance program to ensure risk transfer practices align with existing enterprise-wide exposures, and that vague or ambiguous language is addressed and clarified before claims arise;
Review of potential claims against third-parties, as well as claims by third-parties against the company that could be tendered to an insurance carrier; and
Review of existing claims and lawsuits to ensure litigation strategies are business-forward.
An experienced Preventive Lawyer can serve as the “internist” to perform this physical, evaluate the overall health of your business, and then take affirmative steps to treat symptoms or refer to a specialist when indicated.
Long story short, due diligence is a necessary component of significant business transactions. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER can peek under the hood of target businesses or real estate to make sure you’re not buying lemons . . . and can further be deployed to look under the hood of your own business to make sure it’s consistently operating at optimal health.
KEEFER is your ounce of prevention. Contact us to learn more.
“Step two! There’s so much we can do.”
- Donnie Wahlberg, NKOTB
There are reasons why new business owners form corporations, limited liability companies or other legal entity forms. Branding and credibility in the marketplace are of course important, but limiting personal liability is the primary driver. In other words, owners set up these business forms to shield themselves from personal liability in the event something goes wrong with the business . . . can you blame them?
When you set up a business entity, you are required to proactively govern that entity from the initial documentation all the way through growth and global domination (cue Dr. Evil laugh). Failing to do so could mean losing the protections these entity forms offer, in addition to many other issues.
You Gotta Keep ‘Em Separated . . .
Business entities such as corporations and limited liability companies must be kept appropriately separate from the individuals forming them. In order to ensure this separation, certain formalities will need to be followed. Typical formalities include:
Maintaining separate business accounts;
Holding annual meetings, as well as special meetings for important business decisions;
Business record-keeping, including meeting minutes, resolutions and agreements for important transactions;
Maintaining accurate financial records; and
Regulatory reporting in some securities-related settings.
Depending on the type of entity structure and number of business owners, there may also need to be by-laws or agreements in place which govern the relationships among the owners and the entity.
Now, some entity forms are more flexible than others as far as the formalities are concerned. Size, geography and ownership (e.g., privately-held vs. public) issues, among other considerations, all come into play in deciding one form over another. However, failure to follow minimum required formalities regarding your particular business form can have adverse effects, such as:
The ability of third-parties to disregard your business entity form (known as “piercing the veil”) and then go after you individually for something your business may have done wrong;
The inability to do business in certain states, including fines and penalties in those states for doing so;
Claims by minority shareholders that majority decision-makers were not authorized to undertake certain actions;
Events of separation (death, divorce or assignment of interests) resulting in third-parties having more control over the business than what was initially intended or desired; and
Possibly even a knock on the door from federal and state enforcement agencies for wrongdoing.
A good Preventive Lawyer, working hand-in-hand with your business accountant, can assist in choosing and then setting up the initial business entity, and can then work with your team to proactively govern the business to ensure business and legal risks are minimized.
. . . But Not Too Separate from the Others
Let’s say your widget-making business has grown to earn substantial revenues, owning a significant percentage of the widget-making industry. In order to spread the wealth (and also minimize your own burden), you set up a few more companies in different states which are owned primarily by your children and a small handful of worthy employees. Of course, you also retain some ownership as well and are ultimately responsible for certain baseline pricing decisions for your products among the family of widget-making businesses.
Depending on how you set up these business entities, this situation could actually be considered collusion among competing companies in violation of federal and state antitrust laws, subjecting you and your businesses to criminal and civil actions. In addition to a potential knock on the door from the Department of Justice involving felony charges and massive fines, other smaller competitors may be all too eager to file lawsuits against your businesses claiming they were somehow damaged as a result of an alleged conspiracy among your “competing” companies.
In order to avoid these competitive exposures, your family of widget-making business entities will need to have an appropriate unity of interest or purpose. In other words, these businesses can’t have the appearance of separate, independent decision-makers as far as the making and selling of widgets is concerned. And depending on the states you’re doing business in, there may be additional ownership and decision-making requirements from a competitive standpoint.
Being proactive in structuring your business entities on this front can be critical from a timing standpoint. If you wait too long, you may find your business has grown to a size where you have to obtain government approval before proceeding with a business restructure, planned merger or other substantial acquisition. In addition to initial business setup and on-going governance, a seasoned Preventive Lawyer can work with your team to develop strategies to minimize exposure to these competitive risks.
Call of Duty
Earlier, we talked about the necessity of following legal formalities with regard to your business form. This compliance can actually have a dual purpose . . . these signed minutes, consent resolutions, and agreements can tell a detailed story about what the company did, and why those running the company did it. Why is this important, you ask?
Decision-makers of the business are considered fiduciaries of the business, meaning they are under an obligation to not usurp business opportunities for their own personal gain. In other words, these decision-makers can’t allow personal interests to prevail over the interests of the business. An action by a business decision-maker is typically presumed to be valid as long as it is consistent with the exercise of honest business judgment or discretion. This is known as the “business judgment rule.”
In order to get the benefits of this deferential business judgment standard, it is imperative that minority owners have notice, full information and an opportunity to consent to the transaction. And given the size of the transaction, consequences to the business or other considerations, an independent special committee may also need to be engaged to evaluate potential fairness issues.
If there is evidence of self-dealing, the deferential business judgment presumption can be rebutted. In that case, the decision-maker will have to prove that the transaction was in fact in the best interests of the company, using a less-deferential “entire fairness” standard. This means the decision-maker will have to affirmatively demonstrate that the transaction was fair in both process and substance, with a court typically being the final say on the matter. A determination that the decision-maker breached a fiduciary duty could mean civil damages all the way up to having the business placed in receivership and liquidated. Not good.
Preventive Lawyers can be a great resource to assist your business with conducting annual and special business meetings and then preparing the minutes, resolutions and agreements to tell the business story correctly and in a detailed manner. Their proactive approach helps minimize fiduciary risks to the business.
Like contract development, business governance is not the sexiest part of running a business. However, it is equally as important in contributing to long-term success. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER can work with you on the governance front, minimizing exposure to registration, competitive and fiduciary risks before they become a reality.
KEEFER is your ounce of prevention. Contact us to learn more.
“Step one! We can have lots of fun.”
- Danny Wood, NKOTB
Okay, so negotiating and developing contracts may seem tedious for business owners. However, being proactive about your contracting process—the first pillar of Preventive Law—can ensure that you are not assuming unnecessary liabilities in the business relationship, and that prospective business partners are in fact qualified to do business with you.
A Cautionary Tale
We were engaged by a national product manufacturer with numerous vendors and materials suppliers. Over the course of many years, contracting had been delegated to the point where at least twenty managers across several departments were responsible for reviewing and signing contracts. There was no centralized process for vetting potential business partners to make sure there were no red flags. There were also no standard “pro-company” form contracts in place, outside of basic Non-Disclosure Agreements. This meant the company had been simply reacting to one-sided contracts provided by business partners, many of which were in complex transactional settings.
Long story short, these managers were signing contracts with multiple business partners, across multiple business functions, without fully understanding who they were contracting with or the liabilities and obligations being undertaken. They did not understand, and therefore could not negotiate, many of the legalese pitfalls contained in the one-sided agreements. And they definitely did not like being pulled away from production schedules to tend to eye-glazing tasks like this.
Ultimately, this led to the following problems for the company:
Assuming onerous obligations such as implementing impossible or impractical compliance programs, aggressive payment and credit-worthiness requirements, unreasonable inspection and acceptance periods, and overbroad and one-sided indemnification language;
Vague and one-sided contract termination provisions, giving business partners broad rights to terminate contracts for any reason and at any time without consequence;
Overbroad and ambiguous service provisions, resulting in projects continuing for much longer than what was initially anticipated (or desired);
Limited recoveries in the event of a breach of contract, including the inability to recover attorney’s fees when litigation became necessary as well as being forced to litigate in unfavorable venues; and
Business partners with significant safety histories and lack of appropriate insurance being given access to company premises to perform maintenance and repairs on heavy industrial equipment.
On more than one occasion, key suppliers had availed themselves of their one-sided contract provisions, resulting in substantial business interruption to the company. It was clear the company’s executive management did not understand the benefits of being proactive with its contract negotiation and development practices, and continued to find themselves having to react to problems that could have been avoided up front.
We worked with the company to become proactive in their contracting processes, rather than reactive, by applying Preventive Law methodologies. We started by dramatically minimizing the number of managers and departments involved. The procurement department was a natural fit to centralize this function, and its new director was more than happy to have more control over the contracting process.
We then worked with the director to develop proposed pre-qualification standards given different business settings, including vendor and supplier relationships. For example, in a vendor/supplier setting, the prospective business partner would have to provide the following documentation before being considered:
Compliance with appropriate safety incident standards, including Experience Modification Rates and OSHA incidence rates;
References from previous customers regarding performance and safety;
Copies of drug/alcohol, jobsite safety and accountability, accident reporting, emergency response, and project inspection policies in place governing vendor/supplier projects and employees while on-site; and
Copies of certificates of insurance on multiple lines of coverage, with appropriate additional insured endorsements in place that adequately protected the company.
We also developed a set of “pro-company” contracts which could be tailored across multiple business functions and deployed proactively, instead of the old practice of simply responding to the one-sided vendor/supplier forms received. Needless to say, our forms were also one-sided . . . but this time in the company’s favor! Of course, the process we developed was flexible enough to accommodate having to react to the other side’s forms when necessary.
We accepted the reality that some business partners would demand their forms be used. That was okay, and we did not want to immediately blow up relationships over initial stubbornness. Instead, if this occurred, the director would simply request a copy of the contract in Word or other editable format. Reasonable business partners should expect that you will want a copy to redline if they demand use of their one-sided form. And if they refuse to do so, this should be seen as a red flag warranting consideration of other business partners (hint, if they are going to be this difficult in these initial negotiation stages, just imagine how problematic they’ll become if there are any issues with regard to contract performance!).
After developing the standard process and forms, we worked with the director to obtain buy-in from executive management. Given the contracting problems the company had faced over a number of years, it was an easy sell. As such, we began implementing the process to ensure an enterprise-wide understanding and appreciation of what we were doing, as well as why we were doing it (all part of the Preventive Law protocol!).
Our Preventive Law team continues to be involved, particularly when:
The director or other side has questions about whether certain pre-qualification requirements can be limited or waived under a given set of circumstances;
We have deployed our own form contract, but the other side responds with its own redlines requiring review and evaluation;
The other side demands its own one-sided form be utilized, requiring redlines on our side to balance things out; and
Assistance is needed to develop negotiation strategies in order to arrive at acceptable contract language after the parties have dug in their respective feet after several rounds of back-and-forth redlining.
Following implementation, the company noticed immediate results:
Managers are not burdened with contract review tasks and are able to focus energy on managing their teams and making good products.
There is an enterprise-wide consistency around the contracting process.
Contracts with business partners are more balanced between the parties, and often even skewed in favor of the company when the other side signs the pro-company form without negotiating it (hint, our client is not the only one in need of Preventive Law assistance!).
Since the contract language has been discussed and negotiated in advance, issues with vague, ambiguous and overbroad provisions are minimized.
The company is able to perform effective gate-keeping early on to determine which business partners should be considered long-term fits for sustainable success, and which ones should not.
The contracting process finally supports the making and selling of product, instead of hindering it.
Contract negotiation and development may not be the sexiest part of running a business, but it is a critical component. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at deploying appropriate strategies that can help you anticipate and respond to risks with prospective business partners, leveling the playing field in the process.
KEEFER is your ounce of prevention. Contact us to learn more.
The Supply Chain Opportunities Conference in the Columbia Gorge is on May 23rd and we’re excited to announce our sponsorship. Chris will be presenting on how Preventive Law can be deployed to uncover and respond to risks and opportunities within your manufacturing supply chain. See you there!
Looking forward to presenting again at the Oregon State Bar. This year's Lunch and Learn topic will be, Preventive Law 101: Minimizing Business and Legal Exposure. For those of you unable to attend the Lunch and Learn on April 17, 2019, the course will be available online as well. Check it out!
“Treatment without prevention is simply unsustainable.”
- Bill Gates
We’re often asked for examples of how we’ve used Preventive Law to help companies minimize risks. We’re not sure if it’s because people generally love a good story filled with gory details (giving them reassurance that things could be worse) or if it’s the happy ending they’re after (filling them with hope). Either way, here are a few real-world examples of how we’ve helped product manufacturers avoid disaster and operate happily ever after.
What the Shell?
We were engaged by a product manufacturer which was looking to quickly become a public company and raise capital through merging with an existing shell company. Unfortunately, this client had conducted very little diligence on the shell and individuals involved. Like most businesses, it had trusted its new business partners, one of whom was a neighbor and friend of the CEO, who had been reassuring the executive team that this merger would help the company accomplish its goals quickly.
Right away we began the due diligence process to get up to speed on the players involved, determine potential exposure to unnecessary risks in this venture, and ultimately to confirm whether or not the shell was “clean” enough to avoid problems with the Securities Exchange Commission, among others. That’s when we noticed some red flags waving.
After digging a little deeper, we discovered this shell had all the hallmarks of a sham and that the individuals offering it had a history with these types of shady transactions. It was clear that if the company had continued down its current path, it could have been exposed to significant civil and even criminal liability.
Needless to say, the executive team immediately ended discussions with its “partners” and was grateful to have avoided what could have otherwise been a business-ending catastrophe. I believe the CEO’s exact words were, “Wow, thank you, man . . . that’s why we brought you on board!” We’ve since been strategizing with the executive team on less-risky means of raising capital, as well as commercial contracting, supply chain operations and risk transfer issues.
Just Rub Some Dirt on It
When a national manufacturer was looking to establish a Pacific Northwest presence, the CEO came to us for assistance in reviewing some real estate agreements. The company was under contract for a large parcel of brownfield property and had trusted the Phase I environmental report finding “no recognized environmental conditions” (or “RECs”). The diligence period was set to expire in just a couple weeks, and the company would then be locked into closing.
We took a closer look at the Phase I report, and then talked to relevant parties to learn more about the property and transaction. After a few days, it became apparent there were in fact significant environmental red flags surrounding the property, and the company needed to get out of the contract. We challenged the Phase I outfit as to the presence of leaking drums, underground storage tanks, fly ash piles, and an oil/water separator on the property, all of which had been noted but tucked away toward the end of the report and disregarded. We then pushed the outfit to revise the Phase I report to accurately reflect these conditions as RECs. This strategy enabled us to make a strong argument to back out of the agreement and avoid purchasing a property with hazardous environmental conditions.
Fortunately, we were able to terminate the agreement and then help our client identify a less-risky parcel to set up operations. We worked with the company to develop and negotiate the necessary contracts and agreements to facilitate a successful closing.
Going Off the Rails on a Crazy Train
Another one of our product clients, with factories in multiple states, had significant union involvement. Relations had become strained over the prior couple years with the union filing numerous unfair labor practice charges, largely to prove a point.
Prior to our involvement, the company had engaged a large law firm to defend the charges, racking up hundreds of thousands in legal fees in the process. This firm had even increased rates and made questionable staffing choices without first discussing with the company. The senior partner had further recommended taking the matter through trial and then appeals, despite the low probability of success, which would have resulted in the company spending several hundred thousand more in fees to this firm. The kicker was that trial was set in less than 30 days.
We were engaged by the company and immediately interviewed the firm to better understand the ongoing litigation strategy. Unfortunately, these issues were just the tip of the iceberg. Among other things, we learned there had been previous opportunities to settle at a fraction of what had been spent in fees, as well as the possible existence of insurance coverage to offset some of the losses, which had been missed. It did not appear the company’s best interests were being protected.
We quickly replaced this firm with a more business-forward firm, working closely with the new attorneys to pivot away from trial strategy and toward settlement discussions. In the meantime, we notified the insurance carrier of a provision in the policy that allowed coverage for a portion of the fees and settlement given the nature of the claims being made. Long story short, we successfully settled all of the pending charges for a fraction of what would have been spent litigating to ultimate conclusion, with over half of those sums reimbursed by insurance proceeds.
We then helped the company work productively with the union to rebuild trust and get the relationship back on solid footing. This involved collaborating with the company to develop internal policies to minimize the likelihood of this circus happening again. After a few months, the relationship had improved to a point where disputes were being handled amicably and without need for involvement by the National Labor Relations Board.
These are just a few real-world examples of how Preventive Law was a “pound of cure” for businesses. By looking around corners and taking the appropriate precautionary measures, companies can avoid significant exposure. Contact us to learn more about how being proactive can better protect your business.
What's the one question that always gets asked?
Are you traveling for the holidays?
If so, chances are you're spending some time on airplanes and will end up chatting with the person seated next to you. Inevitably, there’s one question that always gets asked. That’s right: “What do you do?”
Candidly, that’s a great question. While this may be an easy question for some to answer, we must confess that we've found it difficult. To say we’re a boutique legal practice that specializes in insurance law and risk strategy doesn’t typically excite most people, nor does it capture the essence of what we “do”. The truth is, KEEFER is much more than that.
It wasn't that long ago that we turned on the lights in our downtown Portland office. With our desks facing each other, we filled our time with brainstorming sessions, endless research and back-to-back coffee meetings as we set out to invest in this community that we now call home.
“So, what you are doing is like preventive medicine," said a colleague during one of our many coffee meetings. And that was it. We had it.
KEEFER is a Preventive Law practice.
According to the American College of Preventive Medicine, the goal of preventive medicine is to “protect, promote and maintain health and well-being of the patient and to prevent disease, disability and death.” It’s much more rewarding to stay ahead of our health than it is to do damage control. We can find dozens of excuses to not exercise or to indulge (especially at this time of year), but have to remind ourselves of how much better we feel and how clear our thoughts are when we put in the work up front.
Like preventive medicine, we are proactive in our approach. With business-forward strategies and pricing structure to match, we work with companies on the front end to minimize exposure in the future. This includes overseeing insurance relations, managing claims and litigation, contract negotiation and development and day-to-day legal and business strategies.
The KEEFER Client
We’re building momentum and continue to serve clients we feel fortunate to work with. We’ve been deliberate in defining the type of businesses we best serve which include proactive decision makers who have a genuine desire to learn. These leaders have integrity and transparency which have allowed for a mutual trust between us.
Here are some highlights from 2018:
We worked with a client to recover several million dollars in insurance proceeds it would have otherwise missed.
We guided a medical device manufacturer with regard to federal and European compliance issues.
We helped a national product manufacturer manage and resolve a series of litigation matters, which had spiraled out of control over several years, resulting in significantly lower legal spend and exposure.
We collaborated with a regional shipping company on strategic planning for an intermodal development project.
Most recently, a client came to us for contract management and found it was not properly protected in its agreements. We helped to restructure contracts and put a strategy into place that should protect this company for years to come!
As we reflect on how we've helped our clients over the past year, we can see why our friend compared what we do to preventive medicine. It’s exciting to be on the front end of things, working with like-minded businesses to anticipate and respond to risks before they materialize. And when we travel south for the New Year holiday, we'll be able to confidently answer the question, "What do you do?"
We’ve enjoyed another Christmas with Santa and our young boys and are looking forward to quality time in the sunshine with family. We’re hopeful for what 2019 will bring and until then, we wish you a holiday season filled with peace and joy. Taking the time to revel in the moment, which I’m certain falls in line with “promoting well-being”, truly fills our cups.
We sincerely thank you for your trust and are grateful for your continued support. May your cups be full as we wrap up a wonderful 2018.
Garetta & Chris
“Prevention is better than cure.”
- Desiderius Erasmus
We’ve received some attention following the Portland Business Journal’s feature, as well as inquiries about the origin of our Preventive Law practice and how it works.
It all began a few years back while serving as in-house counsel for a global product manufacturer. We retained a large law firm to represent the company in a lawsuit involving a recalled product. The lawyers weren’t cheap, with the partner charging over $500 per hour and the associate charging nearly $400 per hour.
Less than a year into the lawsuit, in which we had already spent over $75,000 in lawyer fees, my assistant forwarded the partner a brief list of questions from our insurance broker about the case to assist with upcoming renewals. A week later, we received a multi-page formal report on firm letterhead followed by a $3,000 invoice for this work.
Frustrated by what I deemed to be an unnecessary report and excessive invoice, I called the partner and requested these entries be removed. I viewed them as a value-added service, reminding him of the amounts already paid. I also questioned the business sense in spending several hours on a formal report given its limited purpose. The partner wouldn’t bend, arguing the value of his firm’s time and how it needed to be compensated per the terms of the retainer agreement.
Where was the concern for our value?
Sometimes You Need to Distance Yourself to See Things Clearly
Prior to joining this company, I had been an associate with a private law firm for several years, so I was well-versed in billing hours for my work. My firm, like many other firms, had a strict rule that associates were required to bill at least 2,000 hours per year. Year-end bonuses and opportunities for advancement were largely tied to hitting this figure. Performance was largely inward-focused.
After managing a corporate practice, I finally noticed and began to appreciate the other side of the coin. It felt as though outside firms had been preying on our need for their services, as opposed to focusing outward toward our business success.
After this epiphany, I began reaching out to other in-house colleagues and managers to determine whether they were facing the same struggles with outside law firms. I wasn’t surprised with what I uncovered:
Growing distrust with outside law firms, at times wondering whether services provided were always in the best interests of the company;
Frustration with having to pay increasing hourly rates due to firm bloat and rising overhead, especially when attempting to manage legal spend;
Perception of law firms as not cost-effective on day-to-day inquiries given fears of receiving a large invoice for even minor requests; and
Confusion as to why law firms were only interested in reacting to client problems, as opposed to being proactive with preventive strategies to stay ahead of exposure.
It was clear the traditional law firm model of reactive services and billing hours was not client-facing, and it certainly was not business-forward in its approach.
The Ounce of Prevention
Having practiced on both sides of the fence, this was truly a problem in need of a solution. Fortunately, more nimble legal practices (not anchored by bloat and overhead) were already beginning to disrupt the legal industry by offering specialized services and flexible fee arrangements. This disruption extended to practices dedicated to helping businesses minimize their exposure to risks.
These Preventive Law practices specialize in anticipating and reacting to risks before they materialize, providing cost-effective guidance with long-term benefits. When done properly, these practices can assist businesses with:
Improved understanding of risk exposure along primary and support activities;
Developing and implementing proactive strategies to prevent exposure;
Better informed decision-making;
Improved efficiency and reaction time, as well as consistency in application;
Lower contract, claim, litigation and regulatory exposure; and
Better opportunities to recover significant insurance proceeds when necessary.
Like preventive medicine, Preventive Law practices help companies stay healthy up front in order to minimize likelihood of “disease” later.
It Works, It Really Works!
Shortly after starting our practice, we were approached by a product manufacturer that had no in-house counsel and a significant annual legal spend. They were in the middle of several lawsuits and couldn’t see a light at the end of the tunnel. They wanted a plan to get out from under the litigation and what seemed like endless invoicing by lawyers and legal strategies they did not fully understand or trust. Because of the competitive market, profit margins were already razor-thin and cash flow was closely monitored.
We sat down with the executive team to explain how a Preventive Law practice could be of benefit. For a fixed monthly fee, we would manage all company claims and litigation as well as relations with insurers, help review and prepare enterprise-wide contracts, and further assist with developing and implementing strategies from supply chain operations to human resources to labor relations to procurement. We took the position that no project would be outside the scope of work, and that employees should feel free to call us with any matter. Our primary goal was to be an accessible, business-forward resource.
Ultimately, the manufacturer signed with us. The increasing number of calls and expanded projects since then demonstrate that we’ve become a trusted resource. Cases are being closely managed, keeping litigation budgets within reason. We’ve also helped the company recover millions of dollars in insurance proceeds that may have otherwise been missed due to lack of awareness and strategy.
We include updated time-sheets with our monthly invoices to provide a comparison against the old hourly rates paid, as well on-boarding costs (since we’re really competing with that possibility as well). So far, so good. We’re nearing a year together and it’s safe to say both parties are looking forward to renewal.
Preventive Law won’t work for everyone. Many established law firms are too hesitant to adopt more outward-facing models. At KEEFER, we’re fully embracing this new world order. As always, we’re here to help.
“Wouldn’t you prefer a good game of chess?”
- Joshua, WarGames
I know what you’re feeling. You have a significant business loss you think should be covered by your commercial insurance policy. Given the amount you spent on premium at renewal, you’re thinking it had better be covered. You’ve notified the carrier, waited patiently for the investigation to be completed . . . but you still don’t have an answer.
“Enough!” you exclaim after a couple months of waiting, “I’m getting a lawyer!” So you do a Google search and find numerous lawyers willing to represent your business to recover those insurance proceeds, some of which will even do so on a contingency basis. “Perfect!” you say, “We’ll be able to keep litigation costs to a minimum!”
Your new aggressive lawyer sends a demand letter to the insurer, threatening a lawsuit complete with bad faith claims if insurance proceeds are not received within 30 days. The insurer balks so your lawyer files a lawsuit on Day 31 seeking everything but the kitchen sink, including claims for punitive damages to make an example of that no-good insurer. At a minimum, just the possibility of being hit with punitive damages should cause the insurer to curl up into the fetal position and finally pay up, right? “Eeeexcellent!” you cackle in your best Montgomery Burns impression. Just a matter of time now.
And then it happens . . . after two years of litigation you lose the lawsuit and in turn your coverage, after a judge sides with the insurer. Failing to take all pre-lawsuit opportunities to resolve the claim amicably may have lost you the opportunity for coverage. What could you have done differently to avoid this outcome?
WTF is A-OK
There may be understandable reasons for the insurer’s delay. For example, property insurers were hit particularly hard in mid/late 2017 due to natural disasters such as Hurricanes Harvey, Irma and Maria, as well as wildfires in Western states. Resources, such as claims adjusters, have to be triaged and deployed to those major losses at the expense of smaller claims, comparatively speaking. Notwithstanding, it’s perfectly acceptable to ask the insurer “WTF?!!?” Even better, hire a lawyer to assist you with resolving your claim amicably, as a professionally-worded “WTF?!!?” from counsel typically results in quicker engagement by the adjuster.
Continued patience, thoughtful strategy and focus on the ultimate goal—i.e., maximizing insurance recoveries—should take precedence over immediately pushing the nuclear button. Going straight to aggressive overtures and threats will simply result in the claims adjuster handing the matter over to the legal department for further handling. This is especially the case when the nuclear phrase “bad faith” is made, and even more so when that phrase is uttered by your lawyer.
Don't get me wrong, there is a time and place for such hostility, but not until after exhausting every amicable pathway available, and only if you have a solid basis for asserting such a claim (hint: now is not the time to lose credibility). And consider that the insurer’s in-house coverage lawyers may be more inclined to find opportunities to deny coverage outright than the previous claims adjuster, who at the time was interested in negotiating the claim. I know, because I’ve been that coverage lawyer inside the insurance company.
Know Your SOL, or You’ll Be SOL
While tapping into your rejuvenated patience, keep in mind there will be a statute of limitations effectively barring lawsuits filed after that deadline. These statutes can vary, not only by state but also by nature of claim asserted (e.g., contract vs. tort). Make sure to look at your policy, since there will likely be a provision further limiting such deadlines. In fact, many policies require a lawsuit against the insurer to be filed within one year of the inception of loss. Beware, that one-year period could begin to run from the date of the event of loss itself, not the date you discovered that loss.
If a delay by the insurer is running up on one of these deadlines, make sure to ask the insurer for an agreement to toll or extend them while the parties are amicably attempting to resolve the claim. There should be no problem getting this agreement, and absolutely do not wait until after the deadline to take action or else it’s over! Your coverage attorney should be well-versed in tolling agreements and capable to negotiating these with the insurer.
Assuming you have a tolling agreement in place, or otherwise still have several months to spare, it’s time to learn more about the insurer’s investigation, reasonably cooperating as required under the policy. Research cases which could be favorable or adverse to your position and evaluate the respective merits of each other’s positions. Listen and don’t be so quick to go on the offensive. Definitely don’t concede any positions from the insurer that could have adverse consequences later, especially in writing (hint: those will likely become exhibits if a lawsuit is filed). You should also review and consider potential litigation strategies and outcomes . . . just don’t let your insurer know that you are doing so!
By Failing to Prepare, You are Preparing to Fail
At some point, you will get the insurer’s final settlement position. Armed with this information, think about the following:
· Is the insurer willing to pay something now? If so, how much?
· How much will it cost to sue the insurer from a fees and costs standpoint through different stages of litigation (e.g., motion to dismiss, motion for summary judgment, trial, appeal)?
· What are the chances you could lose at each stage?
· What are the chances you could win, including chances of prevailing on a dispositive motion?
· Assuming a win, what is the likely amount of recovery (hint: you are more likely to win contract damages than bad faith tort damages)?
Consider the drain litigation could have on management time and resources, especially during the onerous discovery stage. Consider also the possibility of gaining a reputation as a litigious insured and burning bridges with insurers who tag you as a “problematic risk,” which could harm you upon renewal.
Balancing and evaluating the responses to these inquiries against the settlement opportunity in front of you enables sound business decision-making. And it is certainly less risky than just throwing up your arms, pushing the red button and then hoping you’re not part of the fallout radius. At the end of the analysis, you may find that the insurer has already offered you a best-case scenario from a net standpoint.
The decision to go nuclear should always remain the very last option, and only after all other options have failed and you fully understand the business consequences of doing so. As always, we’re here to help.
“The time to repair the roof is when the sun is shining.”
- John F. Kennedy
If you have business operations in the Hail Belt regions of the United States, pay close attention to the 5th Circuit’s decision earlier this month in Certain Underwriters at Lloyd’s of London v. Lowen Valley View, L.L.C. In that case, a hotel filed a lawsuit against its insurer in the U.S. District Court for the Northern District of Texas for refusing to cover hail-related roof damage under a commercial property insurance policy.
The District Court agreed with the insurer’s argument that: (1) several hail storms had struck the vicinity of the hotel in the years preceding its claim; (2) only one of those storms fell within the relevant coverage period; and (3) the record lacked reliable evidence permitting a jury to determine which of those storms, alone or in combination, damaged the hotel. The 5th Circuit affirmed the ruling, determining the hotel’s engineering report—opining that the subject storm was the “most likely” cause of the damage—was not sufficient.
So Where (or When) Do We Begin?
Many commercial property policies contain provisions that any lawsuit against an insurer must be filed within one year following the “inception of loss,” otherwise it is barred. In other words, the “inception of loss” date starts the one-year clock ticking. The question then becomes, when exactly is that date?
The Wisconsin Supreme Court hit this issue head-on in the case of Borgen v. Economy Preferred Ins. Co. In its 1993 opinion, the Court determined that the phrase “inception of loss” in the context of hail damage rules out an interpretation which could postpone the starting point to the time when the insured discovered or should have discovered the loss. In other words, “inception of loss” means “the date of the specific hail storm,” not “the date I discovered the hail damage.”
There are only a handful of federal and state cases addressing this issue, with the majority of them either Borgen or its Wisconsin progeny. See also Des Longchamps v. Allstate Prop. & Cas. Ins. Co. (“Des Longchamps does not (and, indeed, cannot) deny that the loss to his property began on June 29, 2012 when the derecho’s winds and rain hit Washington D.C. This means that his claimed October hurricane damages are irrelevant (contractually speaking) to the timeliness question.”).
Practical Effect of These Cases Read Together
Let’s say you operate a business in Plano, Texas, and have a commercial property policy with a January 1 renewal date. You’ve noticed some recent leaks over the last week in your eight-year-old roof. Based on this discovery, you enlist a roofing contractor to investigate further. You're advised the roof needs to be replaced due to the existence of hail damage, so you submit a claim to your insurance carrier. Now, consider Plano has had at least 14 significant hail strikes since your roof was installed:
Storm Date Min. Hail Size Range (Max)
4/6/2018 1.50” (up to 2.00”)
4/11/2016 1.50” (up to 2.50”)
3/23/2016 1.25” (up to 2.00”)
8/17/2012 1.00” (up to 1.50”)
6/13/2012 1.75” (up to 3.00”)
Based on Borgen, the relevant “inception of loss” date would be the most recent June 6, 2018 hail storm and each specific storm prior to that. This would mean any claims potentially implicating the April 21, 2017 storm and earlier events could be time-barred (assuming your prior insurance policies contain that pesky one-year filing limitation mentioned above). To make matters worse, given the number of equivalent hail strikes over the course of years, you will likely have an uphill battle under Lowen Valley View in attributing the recent 2018 storms to a loss under your current policy.
Even if it were somehow possible to assign each item of roof damage to a particular hailstorm—and further that statute of limitations issues would not limit recovery almost entirely—the number of storms creates another problem. With 14 storms occurring over the life of your roof, the insurer could argue in favor of 14 separate occurrences, which in turn would mean having to go through 14 separate deductibles before you ever saw a single dollar of insurance proceeds. Depending on the amount of your deductible, this could mean you won't recover any insurance proceeds even if the claim was somehow covered in principle.
So Now What?
These rulings, read together, put the onus on business owners in the Hail Belt to conduct at least annual roof inspections to determine the existence of any roof damage potentially attributable to a particular insurance policy. It further puts the onus on business owners to understand the claim process, and to absolutely know the deadline for filing a lawsuit.
If you do have a claim and are running up on the deadline, seek an agreement from the insurer to toll (or extend) the deadline while trying to resolve the claim amicably. They shouldn’t have any problem with this, and make sure the agreement is documented (hint: now would be a good time to have discussed the claim and strategies with a seasoned Preventive Lawyer).
As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at managing insurance, claims and litigation programs, providing business-forward guidance and strategies.
KEEFER is your ounce of prevention. Contact us to learn more.
We’ve completed our May lecture series through the Oregon State Bar, and are excited to sponsor the upcoming Northwest Electronics Design and Manufacturing Expo in October! This year’s theme is “New Product Introduction and Getting to Market” and Chris will be presenting on managing business interruption and supply chain risks . . . we hope to see you there!
"Let's take extra care to follow the instructions or you'll be put to sleep."
- President Business, The LEGO Movie
Let’s say your company makes products and is sued by a group of individuals claiming they were injured by one of those products.
If you’re like most companies, you would notify your insurance carrier and then hope you have insurance coverage for those lawsuits. Assuming you do, you get a letter from a law firm the insurance company hires for you and then periodically provide information and documents when asked . . . you may even give a deposition if you’re lucky! Otherwise, you stay out of the mix and let this lawyer represent your company’s interests until a letter comes notifying you the case has been settled. No worries, right? WRONG!
Behind the scenes, the insurer is paying the fees for your lawyer (known as “panel counsel” since they are chosen from a panel list acceptable to the insurer). The insurer is also controlling the defense strategy for your company, including when and how to settle the case. Your insurance policy permits the insurer to do this, and also requires your cooperation, so this is perfectly normal. However, if you are not managing this panel counsel, you could find yourself blindsided with higher premiums than expected at renewal.
A Brief Case Study
Let me give you an example based on a matter I recently concluded for a manufacturing client. This company was one of several defendants which had been sued by the estate of an individual who was killed in an accident. Fortunately, this company was insured, so it forwarded the lawsuit to the insurance carrier, which in turn assigned panel counsel to defend the company. So far, so good.
A couple months into the lawsuit, I was called by the head of the company after he received a copy of a 20-page status letter prepared by the panel counsel to the insurer. He was confused since his company had an agreement with a third party supplier, requiring that supplier to accept full responsibility for defense and any damages to the extent of any defect claims involving my client’s products. Given my background and experience with insurers and managing claims and litigation, he wanted me to review and provide guidance.
Here’s where it got dicey . . . panel counsel acknowledged the supply agreement in the report but buried it low in the list of “to-do” action items, recommending instead extensive discovery, at least 20 depositions, retaining and deposing multiple experts and then preparing and filing a couple motions for good measure. To make matters worse, panel counsel opined in the report that our mutual client could be found 15% – 25% liable for the death at trial, and that damages could well exceed $5 million.
Your Panel Counsel Can Adversely Affect Your Premiums
Let me tell you a little bit about how insurance adjusters generally set reserves. When a lawsuit comes in, the adjuster will set defense cost reserves (e.g., attorney fees, discovery costs, experts) based on panel counsel’s recommended strategy. The adjuster will also set loss reserves based on the anticipated settlement or trial value at different mile-markers in the case. Of course, the adjuster relies on panel counsel’s periodic status letters to determine these reserves.
In my client’s case, a reasonable adjuster could have reviewed panel counsel’s 20-page letter and, based on the suggested strategy and exposure, set initial defense cost reserves of at least $50,000 with another $250,000 to $500,000 in loss reserves. This, of course, in addition to the $10,000+ already spent in the initial review and preparation of that 20-page status letter. This was my client’s first claim related to an alleged product defect. Had the adjuster in fact reserved this way, my client’s insurance premiums could have skyrocketed for the upcoming renewal period.
Effectively Managing Panel Counsel
After reviewing the status letter, followed by a brief outburst of expletives, I calmed down and called panel counsel to introduce myself as managing counsel for the case on behalf of the company. We discussed the current strategy and exposure assessment in light of the exculpatory supply agreement. After explaining the harm that could potentially be done to our mutual client at renewal, panel counsel ultimately agreed that the best course would be to immediately tender defense to the third party supplier, performing only necessary discovery items afterward. In the event the supplier balked, it would be sued and we would seek summary judgment given the clear and unambiguous language of the contract.
Having agreed to this new strategy, I requested panel counsel forward the insurance adjuster a status letter downgrading anticipated loss exposure to $0 given indemnity. All of this was set in motion within 24 hours of that phone call, the case was tendered to the third party which was later brought into the case. As a “happily ever after,” the case settled at mediation with nothing paid by my client and minimal defense costs incurred in the interim. At renewal, the insurance premium increased only nominally as a result of the claim . . . things could have been a lot worse.
It's a Team Effort
Don’t get me wrong, the insurer’s relationship with panel counsel is important and necessary, as insurers need to be able to predict outcomes of lawsuits as much as possible in order to make business decisions on behalf of their insured businesses (and themselves!). However, if these lawsuits are not also managed by counsel solely representing the insured’s interests, this dynamic can lead to excessive defense costs, exposure to unnecessary strategies and improper liability and damages assessments. All of this can lead to adverse reserving by the claims adjuster and, ultimately, skyrocketing premiums or worse . . . loss of insurance coverage altogether.
Long story short, don’t simply hand off your case to the insurer and then forget about it. Review status letters before they are sent to the insurer. Understand the litigation strategies being developed and implemented, as well as potential loss exposure. Don't be afraid to question how these things could affect your existing insurance coverage. In sum, manage the case with a critical eye and, if commercially feasible, retain a lawyer looking solely out for your company’s best interests to assist. As always, we’re here to help.
. . . maybe.
This May, Chris Keefer will be presenting a 5-part series through the Oregon State Bar on Insurance for Product Manufacturers. For those of you unable to attend the Lunch and Learn sessions, the courses will be available online as well. Check it out!
“On board were the Twelve: the poet, the physician, the farmer, the scientist, the magician and other so-called gods of our legends.”
- "Atlantis" by Donovan
It is no surprise that companies are aggressively mobilizing to address and combat risks of cyberattack and data breach. According to The Global State of Information Security Survey 2018 from PwC, at least 56% of responding global executives reported having some form of overall information security strategy in place. In a referenced report, PwC highlights the importance of making sure diverse stakeholders are involved in developing and implementing those strategies, including “business, technology and risk management leaders—as well as the CEO and CFO.”
This “it takes a village” perspective not only applies to mitigating internal cyber risks but should also be applied to transferring cyber risks to insurance carriers. This begs the question, “Who should be part of your corporate cyber insurance team?” Here are a few suggestions to help you get the ball rolling:
At least one information technology (IT) representative with knowledge of the enterprise-wide systems used, data storage practices and technology vendors is obviously critical. Such a representative should be able to estimate the number of confidential records being stored that are subject to potential breach and access, which in turn can assist in determining how much insurance you should purchase. This information can also help assess the number of records which could be subject to potential coverage sub-limits which could blindside you if unprepared.
You will want make sure this individual also has a strong grasp of the company’s operational technology (OT) issues as well, especially to the extent of supply chain, logistics and other physical processes vital to corporate success. For example, consider a cyberattack which results in delayed delivery of important production planning information to your primary factory. Along those lines, the IT/OT team member can provide valuable guidance toward insurance considerations such as acceptable business interruption limits and length of waiting periods, further assisting with harmonizing insurance procurement with existing enterprise-wide business continuity strategies (hint, your company should have these in place).
As PwC astutely reports, there is something to be said for including a C-suite representative on the team. This executive should provide sufficient project visibility and accountability, as well as access to departments and representatives ensuring a thorough investigation prior to pulling the trigger on an insurance carrier and coverage. And this individual should have access company purse strings, so it's probably a good idea to get this person engaged early for budgeting purposes . . . especially if there could be glaring holes in your cyber insurance program.
Your C-Suite team member should also be helpful in providing an overview of contracting practices within the company. Keep in mind your company likely has enterprise-wide contracts with suppliers, vendors, distributors, customers and/or clients. Your company may have unwittingly (or wittingly) assumed certain liabilities under these contracts, including liability for losses to these third parties in the event of a cyberattack or data breach involving your system. You need to know what is in these contracts in order to identify and select appropriate cyber insurance carriers, and then tailor your insurance limits, sub-limits and coverage appropriately.
3. Cyber Insurance Broker
A brokerage firm with a well-developed cyber practice should be able to provide effective access to this insurance market. With 60+ cyber insurance carriers offering stand-alone policies, and the cyber landscape still largely underdeveloped with varying policies, there are ample opportunities to identify brokers who can work with your company to access appropriately-capitalized insurers.
A firm with an established cyber presence should also have relationships with underwriters who can provide guidance on opportunities to reduce costly premiums across multiple prospective carriers. For example, if you were one of the 56% of responding executives mentioned above, there should be some level of premium savings for such efforts.
4. Preventive Lawyer
Last, but certainly not least (I’m sure there’s a lawyer joke in there somewhere), you should include on your team a seasoned Preventive Lawyer who can review and analyze your company’s complex contracts and insurance policies to identify and triage potential gaps in your cyber coverage. This individual can further assist to the extent of any vague and ambiguous language in the insurance policy needing clarification (hint, you’ll want to do this before your sign on the dotted line and pay premium).
A Preventive Lawyer should be able to effectively synthesize the information provided by your company as part of the initial audit (via IT/OT, C-Suite and other company representatives) and then work with your broker representative to identify, negotiate and then select the appropriate cyber insurance carrier and policy language tailored to your risk profile as much as possible.
Best practice involves utilizing your team all year, evaluating and adapting, as the cyber landscape is continually changing. This should include regular attention to your insurance coverage . . . so don't wait until renewals or make this a once-a-year conversation! As always, we’re here to help.