Click to edit Master title styleNonprofit Risk WatchTop Issues for Your Radar

Grant Thornton Nonprofit Breakfast SeminarJuly 17, 2015

2

Nonprofits I’ve Known & LovedAlfred P. Sloan FoundationAmerican Civil Liberties UnionAmerican Jewish World Service Barnard College Boys & Girls Clubs of America Brandywine River MuseumConcern Worldwide (US)Council on Foreign RelationsCounterpart International Delaware Art Museum Elizabeth Glaser Pediatric AIDS Foundation EngenderHealth Episcopal Relief & DevelopmentFamily Care International Food & Water WatchGoodwill Industries of Greater New York &

Northern New Jersey Human Rights First Human Rights Watch

International Center for Transitional Justice International Rescue CommitteeInternational Society for the Performing Arts National Audubon Society National Endowment for DemocracyNational Kidney FoundationNeighborWorks America New York Botanical Garden Oceana Phoenix House Foundation Population Council Protestant Episcopal Church in the USASave the Children USASeriousFun Children’s Network The Cathedral Church of St. John the Divine The Ocean FoundationUnited Way of New York City Winterthur Museum & Gardens World Relief

3

Discussion Themes

• Why worry about risk?• Managing your risk landscape• Today’s top threats• Global market update• Q&A

4

Why Worry About Risk?• “Pakistan Expels Aid Agency Save the Children” (06/11/15)• “Minn. Sues Epilepsy Charity Over Ties to Thrift-­Store Chain” (06/09/15)• “Law Enforcement Agencies Nab Deceptive Cancer Groups” (05/19/15)• “Perp Walk: Nonprofit ED Gets Jail Time” (05/18/15)• “Ex-­Head of Maine Nonprofit to Plead Guilty in $4.6 Million Theft” (05/08/15)• “Nepal Earthquake: Americans Stuck as Death Toll Rises” (04/27/15)• “Wounded Warrior Project Sues Small Nonprofit Over Similar Logo” (04/30/15)• “Suit Claims AIDS Charity Bilked $20 Million in Federal Funds” (04/09/15)• “$19 Million Loss Slams Doors on NY Agency” (02/03/15)• “Boy Scouts Ordered to Pay $7 Million” (12/17/14)• “Abuse Suits Have Twin Cities Archdiocese Mulling Bankruptcy” (11/21/14)• “Ebola Tests Insurers’ Medical Evacuation Services as Airlines Cut Flights” (10/13/14)• “Suit Alleges $2 Million Embezzlement by Ex-­PBS Official” (09/26/14)• “Livestrong Gifts Fell by a Third After Armstrong Admission” (09/12/14)• “N.C. School District Breaks Ties With Teach for America” (09/05/14)• “Lawsuit: NY Charity threw Parties While Missing Paychecks” (08/05/14)• And more...

5

Your Minefield of RiskFinancial Risk• Cost of funds – interest rate risk• Investment market risk• Reduced funding• Underreporting of fundraising costs• Use of restricted funds for purpose other

than original intent• And others

Hazard Risk• Workplace injuries• Property damage• Injury or damage to third parties• Environmental liability• Employee dishonesty• Foodborne pathogens• Travel and security risk• Terrorism• Use of personal or rented vehicles• Professional errors and omissions• Special event liabilities• And others

Strategic Risk• Loss of reputation• Macroeconomic risks• Stakeholder/donor relations• And others

Operational Risk• Business resiliency• Regulatory compliance• Management decisions• Inadequacy of internal controls• Information security• Insurer insolvency• Intellectual property risk• Media liability• Sexual misconduct liability• Staff turnover• Succession planning• Unionization of charitable workforce• Use of outside contractors/vendors• And others

6

Consider the Big Picture

• Insurance premiums+ Deductibles and self-­insured retentions

+ Non-­covered claims+ Payments exceeding available insurance

+ Adverse claims experience+ Workplace inefficiencies+ Declining morale+ Loss of reputation+ Loss of funder confidence

• TOTAL COST OF RISK

7

Strategy First – Insurance Last

• What risks do you face?• How frequent?• How severe?• Worst-­case impact?

• Due diligence in new ventures• Property protection• Safety programs• Travel risk management• HR policies• Other preventive measures

• Consider all key contracts• Which way does risk flow?• Does the ‘other guy’ have the Right Stuff?• Do you?

• Look at your loss history• Avoid ‘trading dollars’ for low deductibles• Absorb risk that’s predictable and affordable

Assess & IdentifyRisks

Avoid & ReduceRisks

TransferRisks

RetainRisks

8

Today’s Top Threats

Information risk

Media liability

Sexual misconduct liability

Management liability

Business resiliency

Non-­owned auto liability

9

Information Risk

• Data breaches affect all businesses• Laws continue to expand and evolve• Everyone owns data

– Employee data– Donor data– Patient/client data– Grantee data– Intellectual property– Other sensitive information

• Most nonprofits are vulnerable– ‘Soft’ infrastructure and policies

• We’re talking about more than electronic data• Traditional insurance leaves many gaps

10

Where Does E-­Risk Come From?

Source: ACE Group, 2015

11

Information Risk: The Exposure

• Damage to your IT network and digital assets

• Civil liability for damage to others’ networks and digital assets

• Civil liability for unauthorized release of private information

• Breach response costs –forensics, notification, credit monitoring, public relations

• Regulatory fines and penalties• Cyber extortion

12

Safeguards You Can Take

Technical Administrative PhysicalVulnerability Assessments Incident Response Plan Secure Location of

Information SystemsEncryption Employee Training Inventory and Encryption

of LaptopsCurrent anti-­virus and patches

Policies and Procedures-­ Passwords

Levels of Employee Access to Sensitive Information

Responding to Threats/Warnings

Background Checks Disposal and Media Re-­Use Protocol

Firewalls Assessment of Third-­Party Partners

Contingency Plan and Testing

Password Authentication Logs Visitors Accompanied

13

Insurance Considerations

• Which coverage modules to buy

• Availability of insurer and broker breach coaching

• Breadth of policy contract –no two are built alike

• Coverage territory• Insurer expertise and financial strength

• Cost

14

Media Liability

• Traditional media still create exposure

• Everyone has an online presence

• Online content increases risk exposure

• Traditional insurances have become more restrictive

• Specialty solutions are becoming the norm

15

Media Liability: The Exposure

• Personal Injury offenses• Intellectual property offenses• Errors and omissions

16

Safeguards You Can Take

• Hold-­harmless and indemnity agreements• Proof of insurance• Liability disclaimers• Education in basic copyright, privacy and libel law• Consult legal counsel• Warranties from freelance content contributors• Written releases from outside contributors• Written releases from models• Document accuracy of information gathered

Source: International Risk Management Institute, Inc., 2008

17

Insurance Considerations

• Standalone multimedia liability policy or add-­on module within Cyber policy

• Structural issues– Scheduled Media– Policy definition of “Matter”– Coverage for First Amendment restraint

– Policy definition of “Claim”• Coverage territory• Insurer expertise and financial strength

• Cost

18

Sexual Misconduct Liability

• An uncomfortable subject• Potentially explosive risk• Low frequency/high severity• Lasting damage beyond claim-­specific costs

• Some nonprofits may underestimate their risk -­preparedness varies widely

• Insurance protection can be spotty

• It only takes an allegation

19

SML: The Exposure

• Abuse• Molestation• Exploitation• Negligent recruitment, retention, training, supervision

20

Safeguards You Can Take

• Institute zero-­tolerance policies• Formalize screening and selection procedures• Train personnel – initial and recurring• Monitoring and supervision• Develop internal feedback systems• Promote consumer awareness of your environment• Develop response mechanism• Refine administrative practices

Source: Praesidium, Inc., 2015

21

Insurance Considerations

• Dedicated policy limits– With follow-­form Umbrella/Excess

• Occurrence vs. claims-­made• Who’s insured• Definition of a “Wrongful Act”

– Coverage for employer negligence• Defense provisions• Coverage territory• Availability of insurer/broker prevention and crisis response services

• Insurer expertise and financial strength

• Cost

22

Management Liability

• Nonprofits and their leaders held to higher standards

• Greater expectations of transparency, accountability

• Actions by regulators, donor groups, employees, contract partners, competitors, constituents

• Economic challenges increase exposure

• Healthcare reform and IRS rules expand risk

23

Management Liability: The Exposure

• Directors’ & Officers’ Liability• Employment Practices Liability• Fiduciary Liability

24

Going By the Numbers

Alleged Wrongful ActsGovernance Fiduciary Employment Practices

Percent of all claim costs

5% 1% 94%

Number of Claims 117 51 1,346

Largest Claim $775,000 $82,000 $938,000

Average Claim $23,000 $6,000 $33,000

Defense Costs as % of Total

75% 86% 45%

Source: Nonprofit Insurance Alliance of California and Alliance of Nonprofits for Insurance Risk Retention Group, 2015

A Specialty Insurer’s Experience

25

Safeguards You Can Take

• Set clear expectations and rules of conduct for new board members

• Clear conflict-­of-­interest policies• Executive compensation benchmarking• Meticulous board recordkeeping• Explicit HR policies – sign-­and-­acknowledge• Anti-­harassment training at all levels – initial and refresher

• Supervisory training• Clear contracts with external professionals• Professional help with benefit plan disclosures and communications

26

Insurance Considerations

• Adequacy and structure of limits• Claims-­made policy term, retroactive date

• Who’s insured• Definitions of key policy terms• Wage-­and-­hour defense coverage• Defense provisions• Insurer expertise and financial strength

• Cost

27

Business Resiliency

• Sandy was well-­publicized wake-­up call• Other calamities can disrupt operations

– Fire, explosion, water damage– Utility interruption– Natural catastrophes– IT network breaches and outages

• Operational disruption can threaten your revenue stream

• Other incalculable ripple effects• Many nonprofits remain unprepared

28

Business Resiliency: The Exposure

• The ability to adapt to, and to withstand, changes to the normal operating environment– Emergency response – incipient stage– Disaster recovery -­ aftermath– Operational continuity – longer-­term

29

Safeguards You Can Take

• Assemble a business continuity team– Define roles, responsibilities, communications– Enlist executive support

• Collect data– Critical functions– Important contacts– Critical vendors– Alternate sites– Vital records

• Create recovery plans– Strategies and tasks– Internal and external resources

• Activate, test, and refine plans

30

Insurance Considerations

• Integrity of time element values• Indirect exposures

– Civil authority– Ingress/egress– Off-­premises utility interruption– Contingent business interruption

• Extended period of indemnity• Other coverage extensions• Designated adjuster• Insurer expertise and financial strength• Cost

31

Non-­Owned Auto Liability

• Catastrophic exposure• Most nonprofits have drivers using personal cars for agency business

• Personal insurances can be spotty

• Employer as perceived deep pocket

• Risk exposure is rarely managed

• Auto use policy often murky – or nonexistent

32

Non-­Owned Auto Liability: The Exposure

• Civil liability for bodily injury or property damage to others...

• Arising from an individual’s ownership, maintenance, or use of a borrowed or personal motor vehicle...

• While serving the organization• If the individual driver (“servant”) is liable, the organization (“master”) stands vicariously liable

33

Safeguards You Can Take

• Define acceptable vehicle use– Necessity– Driver qualification– Vehicle safe and appropriate for intended use

• Driver screening• Confirm and track driver insurance• Conduct guidelines – e.g., number of passengers, assisting clients in/out of vehicles

• Driver pledge form – individual commitment• Incident response protocols

Sources: Alliance of Nonprofits for Insurance Risk Retention Group, Nonprofit Risk Management Center, 2015

34

Insurance Considerations

• Adequacy of policy limits– Umbrella/Excess as safety net

• “Employees as Insureds” endorsement– Extends coverage to individual driver, excess of personal insurance

– Can avert conflicts between defendants and insurers

35

Insurance Market Conditions

• Our market is inherently cyclical• Recent years have been favorable for insurers

• It’s a good time for buyers– Third consecutive year of rate softening

– Plentiful capacity– Healthy competition– Underwriting discipline

36

Commercial Lines Combined Ratios109.4

110.2

118.8

109.5 112.5

110.2

107.6

104.1

109.7

110.2

102.5 105.4

91.1 93

.6

104.2

98.9

102.4

107.9

103.4

98.3 99.9

98.910

2.0

111.1

112.3

122.3

90

95

100

105

110

115

120

12590 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13F

14F

15F

Com

mercial Lines Com

bined Ratio

2007-­2012 figures exclude mortgage and financial guaranty segments.Sources: A.M. Best (1990-­2014F);; Conning (2015F) Insurance Information Institute.

37

Commercial Renewal Rate ChangesPeak = 2001:Q4

+28.5%

Pricing turned negative in early 2004 and remained that way for 7.5 years

Pricing turned positive in Q3:2011, the first increase in nearly 8

years

Trough = 2007:Q3 -­13.6%

Rate trends roughly flat

38

Renewal Pricing Trends

Early 2009 through Early 2015Few accounts are seeing increases

Source: Barclays Commercial Insurance Buyers’ Survey, 2015

39

What Does it Mean For You?

• Property: very soft market;; rates -­5% to -­15%;; CAT coverage available again;; many aggressive markets and capacity;; multi-­year deals available (with loss ratio caveats)

• General Liability: soft market;; rates flat to -­10%;; several aggressive markets to pair with monoline Property

• Auto Liability: flat market;; poor loss experience for Northeast insurers;; difficult to place monoline at competitive pricing

• Workers’ Compensation: softening market;; industry attitude toward WC not as bleak as several years ago;; monoline WC available, but insurers more aggressive with supporting business

• Management Liability: flat/firm market;; rates flat to +10%;; creeping retentions

• Crime: soft market;; rates flat to -­10%• Individual results vary by risk characteristics and experience

40

Useful ResourcesGeneral References• Insurance & Risk Management Terms

(International Risk Management Institute)www.irmi.com/forms/online/insurance-­glossary/terms.aspx

• Nonprofit Risk Management Centerwww.nonprofittrisk.org

• Risk & Insurance Management Society (RIMS)www.rims.org

Information Risk• HUB Data Breach Cost Calculatorhttps://www.hubinternational.com/business-­insurance/cyber-­risk-­solutions/tools/data-­breach-­cost-­calculator/

Sexual Misconduct Liability• Praesidium Inc.

www.praesidiuminc.com• The McCalmon Group, Inc.

www.mccalmon.com

Management Liability• Chubb Group -­ Loss Control

Resourceshttp://www.chubb.com/businesses/chubb3331.html

Operational Resiliency• HUB International Crisis Management

Centerhttp://www.hubinternational.com/crisis-­management/

41

Questions

42

For More InformationScott R. KonradSenior Vice PresidentNot-­for-­Profit Business Practice LeaderHUB International Northeast Limited5 Bryant Park | 1065 Avenue of the AmericasNew York, NY 10018(212) 338 2295 Direct(347) 491 9671 Mobilescott.konrad@hubinternational.com

Scott Konrad is a Senior Vice President of HUB International Northeast, with responsibility to build, brand, grow and lead a specialty practice serving the insurance, risk management, and employee benefit needs of tax-­exempt organizations. An industry veteran with 38 years of experience, Scott began his insurance career with Liberty Mutual Insurance Company. He transitioned several years later to the brokerage sector, serving in a variety of claim management, sales leadership, and relationship management roles with global brokers Johnson & Higgins, Marsh & McLennan, and Willis, over the majority of his career. From 1996 to 2003, Scott was an officer of the Church Insurance Companies, the denominational insurance arm of the Episcopal Church, for which he established a regional service center and managed deployment of the companies' products and services to over 2,000 institutional clients in 20 Episcopal dioceses throughout 11 Northeastern states. Scott joined HUB in 2013 from Crystal & Company, an independent, privately-­owned insurance broker for which he built a nationwide Nonprofit practice. A graduate of Colgate University, Scott has been recognized by Risk & Insurance magazine as a Power Broker® to the Nonprofit sector for the past five consecutive years, and he is a frequent speaker and author on nonprofit risk management themes. He launched and fronts HUB’s corporate partnerships with InsideNGO and the Nonprofit Risk Management Center. Scott is accredited in Risk Management for Churches and Schools by the University of Cambridge (UK), and serves on the diocesan insurance board for the Episcopal Diocese of Connecticut.