risk

Welcome to the Real World: Stories of Preventive Law Success

gus-ruballo-158651-unsplash.jpg

“Treatment without prevention is simply unsustainable.”
- Bill Gates 

We’re often asked for examples of how we’ve used Preventive Law to help companies minimize risks. We’re not sure if it’s because people generally love a good story filled with gory details (giving them reassurance that things could be worse) or if it’s the happy ending they’re after (filling them with hope). Either way, here are a few real-world examples of how we’ve helped product manufacturers avoid disaster and operate happily ever after. 

What the Shell?

We were engaged by a product manufacturer which was looking to quickly become a public company and raise capital through merging with an existing shell company. Unfortunately, this client had conducted very little diligence on the shell and individuals involved. Like most businesses, it had trusted its new business partners, one of whom was a neighbor and friend of the CEO, who had been reassuring the executive team that this merger would help the company accomplish its goals quickly.  

Right away we began the due diligence process to get up to speed on the players involved, determine potential exposure to unnecessary risks in this venture, and ultimately to confirm whether or not the shell was “clean” enough to avoid problems with the Securities Exchange Commission, among others. That’s when we noticed some red flags waving. 

After digging a little deeper, we discovered this shell had all the hallmarks of a sham and that the individuals offering it had a history with these types of shady transactions. It was clear that if the company had continued down its current path, it could have been exposed to significant civil and even criminal liability.

Needless to say, the executive team immediately ended discussions with its “partners” and was grateful to have avoided what could have otherwise been a business-ending catastrophe. I believe the CEO’s exact words were, “Wow, thank you, man . . . that’s why we brought you on board!” We’ve since been strategizing with the executive team on less-risky means of raising capital, as well as commercial contracting, supply chain operations and risk transfer issues. 

Just Rub Some Dirt on It

When a national manufacturer was looking to establish a Pacific Northwest presence, the CEO came to us for assistance in reviewing some real estate agreements. The company was under contract for a large parcel of brownfield property and had trusted the Phase I environmental report finding “no recognized environmental conditions” (or “RECs”). The diligence period was set to expire in just a couple weeks, and the company would then be locked into closing.  

We took a closer look at the Phase I report, and then talked to relevant parties to learn more about the property and transaction. After a few days, it became apparent there were in fact significant environmental red flags surrounding the property, and the company needed to get out of the contract. We challenged the Phase I outfit as to the presence of leaking drums, underground storage tanks, fly ash piles, and an oil/water separator on the property, all of which had been noted but tucked away toward the end of the report and disregarded. We then pushed the outfit to revise the Phase I report to accurately reflect these conditions as RECs. This strategy enabled us to make a strong argument to back out of the agreement and avoid purchasing a property with hazardous environmental conditions. 

Fortunately, we were able to terminate the agreement and then help our client identify a less-risky parcel to set up operations. We worked with the company to develop and negotiate the necessary contracts and agreements to facilitate a successful closing. 

Going Off the Rails on a Crazy Train

Another one of our product clients, with factories in multiple states, had significant union involvement. Relations had become strained over the prior couple years with the union filing numerous unfair labor practice charges, largely to prove a point.

Prior to our involvement, the company had engaged a large law firm to defend the charges, racking up hundreds of thousands in legal fees in the process. This firm had even increased rates and made questionable staffing choices without first discussing with the company. The senior partner had further recommended taking the matter through trial and then appeals, despite the low probability of success, which would have resulted in the company spending several hundred thousand more in fees to this firm. The kicker was that trial was set in less than 30 days.

We were engaged by the company and immediately interviewed the firm to better understand the ongoing litigation strategy. Unfortunately, these issues were just the tip of the iceberg. Among other things, we learned there had been previous opportunities to settle at a fraction of what had been spent in fees, as well as the possible existence of insurance coverage to offset some of the losses, which had been missed. It did not appear the company’s best interests were being protected.

We quickly replaced this firm with a more business-forward firm, working closely with the new attorneys to pivot away from trial strategy and toward settlement discussions. In the meantime, we notified the insurance carrier of a provision in the policy that allowed coverage for a portion of the fees and settlement given the nature of the claims being made. Long story short, we successfully settled all of the pending charges for a fraction of what would have been spent litigating to ultimate conclusion, with over half of those sums reimbursed by insurance proceeds.

We then helped the company work productively with the union to rebuild trust and get the relationship back on solid footing. This involved collaborating with the company to develop internal policies to minimize the likelihood of this circus happening again. After a few months, the relationship had improved to a point where disputes were being handled amicably and without need for involvement by the National Labor Relations Board.

These are just a few real-world examples of how Preventive Law was a “pound of cure” for businesses. By looking around corners and taking the appropriate precautionary measures, companies can avoid significant exposure. Contact us to learn more about how being proactive can better protect your business.

Some Advice Before Pushing That Nuclear Button . . .

hydrogen-bomb-63146.jpg

“Wouldn’t you prefer a good game of chess?”
Joshua, WarGames

I know what you’re feeling. You have a significant business loss you think should be covered by your commercial insurance policy. Given the amount you spent on premium at renewal, you’re thinking it had better be covered. You’ve notified the carrier, waited patiently for the investigation to be completed . . . but you still don’t have an answer.

“Enough!” you exclaim after a couple months of waiting, “I’m getting a lawyer!” So you do a Google search and find numerous lawyers willing to represent your business to recover those insurance proceeds, some of which will even do so on a contingency basis. “Perfect!” you say, “We’ll be able to keep litigation costs to a minimum!”

Your new aggressive lawyer sends a demand letter to the insurer, threatening a lawsuit complete with bad faith claims if insurance proceeds are not received within 30 days. The insurer balks so your lawyer files a lawsuit on Day 31 seeking everything but the kitchen sink, including claims for punitive damages to make an example of that no-good insurer. At a minimum, just the possibility of being hit with punitive damages should cause the insurer to curl up into the fetal position and finally pay up, right? “Eeeexcellent!” you cackle in your best Montgomery Burns impression. Just a matter of time now.

And then it happens . . . after two years of litigation you lose the lawsuit and in turn your coverage, after a judge sides with the insurer. Failing to take all pre-lawsuit opportunities to resolve the claim amicably may have lost you the opportunity for coverage. What could you have done differently to avoid this outcome?

WTF is A-OK

There may be understandable reasons for the insurer’s delay. For example, property insurers were hit particularly hard in mid/late 2017 due to natural disasters such as Hurricanes Harvey, Irma and Maria, as well as wildfires in Western states. Resources, such as claims adjusters, have to be triaged and deployed to those major losses at the expense of smaller claims, comparatively speaking. Notwithstanding, it’s perfectly acceptable to ask the insurer “WTF?!!?” Even better, hire a lawyer to assist you with resolving your claim amicably, as a professionally-worded “WTF?!!?” from counsel typically results in quicker engagement by the adjuster.

Continued patience, thoughtful strategy and focus on the ultimate goal—i.e., maximizing insurance recoveries—should take precedence over immediately pushing the nuclear button. Going straight to aggressive overtures and threats will simply result in the claims adjuster handing the matter over to the legal department for further handling. This is especially the case when the nuclear phrase “bad faith” is made, and even more so when that phrase is uttered by your lawyer.

Don't get me wrong, there is a time and place for such hostility, but not until after exhausting every amicable pathway available, and only if you have a solid basis for asserting such a claim (hint: now is not the time to lose credibility). And consider that the insurer’s in-house coverage lawyers may be more inclined to find opportunities to deny coverage outright than the previous claims adjuster, who at the time was interested in negotiating the claim. I know, because I’ve been that coverage lawyer inside the insurance company.

Know Your SOL, or You’ll Be SOL

While tapping into your rejuvenated patience, keep in mind there will be a statute of limitations effectively barring lawsuits filed after that deadline. These statutes can vary, not only by state but also by nature of claim asserted (e.g., contract vs. tort). Make sure to look at your policy, since there will likely be a provision further limiting such deadlines. In fact, many policies require a lawsuit against the insurer to be filed within one year of the inception of loss. Beware, that one-year period could begin to run from the date of the event of loss itself, not the date you discovered that loss.

If a delay by the insurer is running up on one of these deadlines, make sure to ask the insurer for an agreement to toll or extend them while the parties are amicably attempting to resolve the claim. There should be no problem getting this agreement, and absolutely do not wait until after the deadline to take action or else it’s over! Your coverage attorney should be well-versed in tolling agreements and capable to negotiating these with the insurer.

Assuming you have a tolling agreement in place, or otherwise still have several months to spare, it’s time to learn more about the insurer’s investigation, reasonably cooperating as required under the policy. Research cases which could be favorable or adverse to your position and evaluate the respective merits of each other’s positions. Listen and don’t be so quick to go on the offensive. Definitely don’t concede any positions from the insurer that could have adverse consequences later, especially in writing (hint: those will likely become exhibits if a lawsuit is filed). You should also review and consider potential litigation strategies and outcomes . . . just don’t let your insurer know that you are doing so!

By Failing to Prepare, You are Preparing to Fail

At some point, you will get the insurer’s final settlement position. Armed with this information, think about the following:

· Is the insurer willing to pay something now? If so, how much?

· How much will it cost to sue the insurer from a fees and costs standpoint through   different stages of litigation (e.g., motion to dismiss, motion for summary     judgment, trial, appeal)?

· What are the chances you could lose at each stage?

· What are the chances you could win, including chances of prevailing on a   dispositive motion?

· Assuming a win, what is the likely amount of recovery (hint: you are more likely   to win contract damages than bad faith tort damages)?

Consider the drain litigation could have on management time and resources, especially during the onerous discovery stage. Consider also the possibility of gaining a reputation as a litigious insured and burning bridges with insurers who tag you as a “problematic risk,” which could harm you upon renewal.

Balancing and evaluating the responses to these inquiries against the settlement opportunity in front of you enables sound business decision-making. And it is certainly less risky than just throwing up your arms, pushing the red button and then hoping you’re not part of the fallout radius. At the end of the analysis, you may find that the insurer has already offered you a best-case scenario from a net standpoint.

The decision to go nuclear should always remain the very last option, and only after all other options have failed and you fully understand the business consequences of doing so. As always, we’re here to help.

Your Contracts, Your Cyber Insurance and You

park-troopers-221402-unsplash.jpg

 “Don’t talk to me about contracts, Wonka, I use them myself.”
- “Square Deal” Sam Beauregarde

If you are a product brand, you’ve probably been required to enter into many agreements with everyone from manufacturers to distributors, payment processors to financial institutions and vendors of all shapes and sizes. Hopefully you’ve had the opportunity to review and understand these contracts, as landmines may exist within that labyrinth of legalese mumbo-jumbo which can affect the insurance you have purchased for your business. In this article, we’ll look at a few of these, particularly in the context of your cyber insurance policy.

BLT, Hold the Mayo

First, these contracts may require that you add another business to your insurance policy, otherwise known as an “additional insured.” This means that your new partner is able to enjoy coverage under your insurance policy, and at your cost (hint, insurers typically require additional premium for adding insureds to a policy).

Second, these contracts may also require that you hold certain minimum levels, or limits, of coverage. Beware these contracts may have varying minimum limits, which could affect the levels of insurance you purchase in order to stay compliant across all contracts.

Third, your contracts may also require different types of coverage. For example, one vendor may require that you carry commercial general liability and worker’s compensation insurance. Another may require you to carry cyber insurance. Yet another may require commercial auto liability coverage. Make sure you have all appropriate lines of coverage in place in order to stay compliant with your business partners.

Something About Making an Ass of U and Me . . .

In addition to adding businesses to your policy, as well as keeping minimum levels and types of coverage, these agreements may also require you to assume certain liabilities of your new business partners. This is especially true if you sell products online and will be taking confidential customer data and payment card information which could be stolen by bad guys.

To the extent your business partners could be blamed for such an event by their customers, clients or investigators, they may incorporate “tender of defense and indemnification” provisions into the contracts, effectively passing this responsibility to you. More specifically, if they are sued by their customers or clients or are investigated as a result of a cyberattack or data breach involving your system, they may be able to contractually force you to pay their costs of defense such as lawyer fees, settlements and judgments.

But what does this mean, and how does it affect you? Hopefully you have a cyber insurance program in place with first- and third-party coverage for cyberattacks or data breaches. As we discussed back in December, first-party cyber insurance can help with costs for recovering lost or damaged data, notifying customers, credit monitoring services and public relations, as well as lost business income from network interruption. Third-party cyber insurance covers legal defense costs in the event of lawsuits against your company for data breach, settlements and judgments, and regulatory fines and penalties. Things can change, however, if those legal defense costs come from your business partner tendering defense or requesting indemnification under the contract.

Cyber insurance policies generally exclude from coverage (i.e., insurers will not pay) liabilities assumed by contract, including those contracts you enter into with vendors and other business partners. Let’s say your company is the victim of cyberattack or data breach occurs and numerous records are compromised. A series of claims, lawsuits and investigations ensues. Several of your vendors wind up being sued and subsequently tender their defense and investigation costs to you under the respective contracts.

Under this scenario, you should be covered to the extent you undertake crisis response measures to minimize reputational harm to you and your vendors as a result of the cyber event. You should also be covered for lawsuits and investigations aimed directly at you. However, you may not be covered to the extent of your vendors’ tender of defense and indemnification costs, since those are assumed liabilities which are excluded under your cyber policy.

Make sure you review your contracts to determine what cyber-related liabilities you are assuming. To the extent possible, negotiate those contract provisions in advance with your business partners. Of course, success on this front may be dependent on bargaining leverage given the relative size of your company compared to your partner. In the alternative, consider having your insurance carrier create carve-outs for these contracts. There may be some additional premium paid, as the insurer will not want to undertake those risks without some cost for doing so. Then take a look at the adequacy of your limits and sub-limits of your full cyber coverage program, given the potentially catastrophic consequences of a cyber event.

Long story short, read and understand the agreements with your business partners, understand the liabilities you are assuming in those contracts, and then assess and react to the effects of those liabilities on your insurance program. As always, we're here to help

3 WAYS TO MINIMIZE EXPOSURE TO THE TOP BUSINESS RISKS OF 2018

nordwood-themes-467442.jpg

"By failing to prepare, you are preparing to fail."                                                       - Benjamin Franklin

It's here. Allianz has released its 2018 Risk Barometer, identifying the top global business risks facing companies according to 1,911 risk experts from 80 countries. Not surprisingly, business interruption/supply chain disruptions, cyber events and natural catastrophes took the top three spots (these were numbers 1, 3 and 4, respectively, in both 2016 and 2017). In order to ring in the new year on the right foot, here are three things you can do internally to minimize your company's exposure to some of these business risks:

1.     Develop and implement cross-functional policies and procedures

Consider developing and implementing policies and procedures across your primary and support activities. You can work with cross-functional departments to establish robust controls involving factory performance, regulatory and trade compliance, sales and marketing practices, market corrective actions and recalls, workplace behavior, cyber hygiene, litigation readiness and record retention. Then take the next step of educating your workforce and managers on a regular basis to ensure these tailored best practices are indeed being practiced. For example:

  • Business interruptions along your supply chain: consider quality, cost, accuracy, delivery and sustainability controls to determine performance of your factories and logistics vendors against certain benchmarks, as well as implementing business continuity procedures in the event one of your factories, suppliers or distributors goes down.

  • Cyber events: consider implementing enterprise-wide cyber hygiene practices to minimize exposure to cyberattacks and data breaches.

  • Employment practices: consider developing and implementing an anti-discrimination, bullying and harassment policy, a return to work policy for injured employees to minimize instances of malingering, as well as succession planning procedures in the event of the departure of a manager or executive.

  • Marketing and sales practices: consider implementing a process where draft print and online materials are first routed cross-functionally to ensure the appropriateness of claims as well as regulatory compliance.

Of course, this is just a small handful of examples, and there may be many others applicable to your particular business.

2.     Work with your CFO and Risk Department to determine appropriate risk transfer levels

Your insurance carrier may tell you that it is willing to insure you at a certain level. For example, it may tell you that it will provide $10 million in coverage subject to a $250,000 deductible. That means the insurer’s obligation doesn’t trigger until your company has paid the first $250,000 in losses related to a particular insurable event. In other words, the insurance company is dictating to you what your risk transfer point should be.

Consider instead working with your CFO and Risk Department to determine a transfer point that is more in line with your specific risk appetite and organizational goals. Among other things, determine what percentage impact to financial metrics such as earnings before income tax and depreciation, operating cash flow, or shareholder equity would be considered “material events”. Review your loss history and determine which losses occur with regularity and are predictable (hint, they aren’t really risks if they happen regularly). Then look at losses that could be reasonably likely but expensive to insure, at which point you may have to determine the cost trade-off. Finally, look at catastrophic exposures across your company which you absolutely must insure, unless your company has a riverboat gambler mentality (in which case, may the odds be ever in your favor).

By being proactive in determining your risk appetite and transfer points, you should be better able to understand your risk profile for purposes of business decision-making. Understanding your risk profile, as opposed to blindly transferring all of your risks to an insurer, can put you in a better position to reduce exposure across your business functions. This can also have the added benefit of reducing costs. Using the example above, a financial study of your risk appetite may conclude that a $1 million deductible would be more in line with your specific risk appetite and organizational goals. The premium cost of a $1 million attachment point is much less than one with a $250,000 attachment point.

3.     Understand your insurance policies from a big picture perspective

I’m always amazed by the number of companies who do not know what is in their insurance policies and simply hope they are covered in the event something happens. I’ve seen many other companies who have had losses and didn’t realize those losses could have been covered by their policies. In fairness, insurance contracts are often legalese beasts that are decipherable primarily by sophisticated lawyers. You need to make sure the policies you purchase align with your specific business functions and needs. Enlisting counsel to analyze, select and negotiate your insurance program within the framework of your specific operations can be that ounce of prevention worth a metric ton of cure.

I recently worked with a product manufacturer with its primary factory based in the Philippines and suppliers based in two other Asian countries. The company shipped product from the factory to its U.S.-based warehouse via ocean cargo. However, a review of their insurance policy revealed that it only covered events in the United States and territories, as well as Canada. This meant if their factory shut down, they could not recover lost business income resulting from the delayed production. Even if the coverage territory included this factory, there were exclusions for earthquakes, tsunamis, floods and labor/strike issues, effectively eliminating a large number of risks that could occur in the Philippines. Moreover, the policy only covered the company’s “direct suppliers,” which would likely have excluded disruptions at the material suppliers. To top it all off, there was no marine cargo policy in place, so shipments lost at sea (the only way they transported product from the factory to their warehouse) would not be covered.

The importance of having a big picture understanding of your insurance policies cannot be understated. Where are your manufacturing operations, and to what extent does your policy respond to natural disasters and geo-political/labor risks that may arise in such locations? How sophisticated are your supply chain, logistics and distribution networks, and is your business interruption coverage protecting them? Does your cyber insurance policy adequately address the number of electronic data records you are storing, including customer data and credit card information taken as part of direct-to-consumer sales? Do you have cyber-terrorism coverage in place given the rise in state-sponsored cyberattacks? What exclusions could disrupt coverage you expected? Is your policy occurrence-based or claims-made, triggering specific claim notification obligations? Do you have overlapping coverage in more than one policy that could trigger sticky “other insurance” clauses? Again, these are just a handful of questions that should serve as a starting point. There may be many inquiries applicable to your particular business.

It is always important to begin a new fiscal year on the right foot. Taking these three steps should provide sustainable opportunity to navigate the top business risks of 2018 (and beyond) with more confidence. As always, we’re here to help.