Insurance Coverage & Recovery

Insurance Tools for the Corporate Executive

Lilit Asadourian discusses the basics of insurance coverage that in-house counsel should understand and shares some best practices for maximizing and protecting your company’s insurance assets.

CCBJ: Please tell us about yourself and how you came to this role?

I’ve been practicing law in California for over 20 years, in Los Angeles and in San Francisco for a period of time. I attended UCLA both for undergrad and law school. However, I was born in the former Soviet Union and am Armenian by background,

I’ve been a partner with Barnes & Thornburg for a year and now serve as co-chair of the Insurance Recovery and Counseling Practice Group. We only represent policyholders in our practice. Prior to that, I was a partner with another Am Law 100 firm for many years. I have been practicing insurance recovery for the better part of my career, along with high-stakes financial services and commercial litigation. I also served on secondment as in-house counsel at two national banks after the financial crisis. I currently reside and work out of Los Angeles, but my practice tends to be national because of the clients that we service and the jurisdictions in which these cases tend to be litigated.

What are some of the basics of insurance coverage that in-house counsel should understand and direct their attention toward?

I advise my clients to make sure senior management within the legal department has at least a yearly health check with the department in the organization that owns the insurance program. Insurance policies are typically not procured by the corporate legal department; they’re probably being procured by either somebody in the CFO’s office or, for larger organizations, in the risk management department. But there needs to be communication between the corporate counsel and the risk management department to make sure that the policies being purchased are consistent with the company’s risk profile and the company’s needs.

Sometimes we see gaps where the risk management department or the CFO is so focused on premiums that they’re not really paying much attention to the policy language itself. That’s where companies run into trouble—when they think they have coverage but discover an unexpected exclusion or gap because there was not investment of time on the front end, during the policy purchase, to really evaluate whether they’re getting everything they think they need. There also needs to be a balance on cost to be sure, but beyond the premiums, it’s important to make sure there is analysis and negotiation of the policy terms.

Clients should ask for a summary of the key policy coverage grants and the exclusions, particularly for the financial lines or the critical corporate policies that protect the directors and officers. That would be the directors and officers (D&O) policy, the cyber policy and often the errors and omissions (E&O) policies, which would protect the company for any risks of malperformance or negligence in the business functions as it relates to their customers. These policies tend to be more bespoke, so there’s more variation from one company to another. These policies also lend themselves to more influence and revisions—if time is put in during the purchase process to evaluate the language.

A company’s insurance program should include three or four very basic policies. There should be a commercial general liability policy and a commercial property policy, particularly if you have brick-and-mortar locations or you have inventory, etc. And then a D&O policy. In many instances, companies are also buying E&O policies and, in some instances, employment liability policies too, particularly if there is a big workforce and a supervisory structure.

Many companies now are also buying cyber policies separate and apart from D&O and E&O policies. Those are the layers of coverage that are available to companies and the ones corporate counsel should have a basic understanding of; these are the wide-ranging types of policies that will respond to different claims.

Please tell us some best practices for maximizing and protecting your company’s insurance assets.

Where companies tend to run into trouble is where they’ve purchased a really good policy, but don’t have a good plan for when they’re going to notify the insurers of potential issues that might give rise to a claim. Or they get a demand letter from a counterparty or shareholders and don’t think it is necessary to give notice to the insurer. It is best to create a consistent plan for when and how new claims get tendered to the insurers. Most policies require reporting a claim as soon as practicable after certain people within the organization have knowledge of it.

Many of these policies are what are called “claims made and reported” policies that only work on a 12-month cycle. So if you receive a claim and you wait to notify the insurer after the policy is expired, the insurer is likely going to take the position that you didn’t give notice in time. It won’t matter whether or not the insurer was prejudiced by the late notice when dealing with these “claims made and reported” policies. So it’s very important for the corporate legal department to have a plan for every time a new claim comes in the door, or there’s a new incident that could give rise to a claim; a well-rehearsed and well-documented procedure that people can execute on. Because not every corporate counsel sees every issue, so those who are receiving the demands should be trained to at least escalate to somebody within the legal department or the risk management department so it can be determined how and whether to provide notice to the insurance company.

Secondarily, I really encourage there to be a feedback loop between the legal and risk management departments to make sure that some best practices are being followed. Such as, after the insurer has been notified of a claim that there’s a process for responding to the insurer’s request for information; that you’re cooperating with the insurer, providing status updates on the claim; that you’re not taking any settlement offers or entering into any settlement discussions without informing the insurer of the prospect of settlement; and, where appropriate and necessary, that you’re getting the insurer’s consent to settle. Not doing those things is an easy way to jeopardize the policy coverage.

So the key takeaways are: Have a process for noticing, make sure you’re providing information that is being requested, have a feedback loop with your risk management department, and make sure you’re not settling claims without insurer notice.

Are there any particular industry sectors that have had growing insurance claims recovery matters, such as energy and renewable energy, crypto, cybersecurity or others?

Cyberattacks have been a concern for at least the last decade and are a growing concern as bad actors proliferate and evolve their techniques, whether that’s phishing, hacking or data breaches. All of our clients are very focused on cyber risk and really want to make sure they have the best possible cyber policies in the market so they have the least disruption to their business in the event of a cyberattack that either stalls their systems or exposes them to potential third-party liability because of a breach of private information.

What I’m seeing evolving now is a significant amount of litigation around the unlawful collection and distribution of biometric information, such as a fingerprint, voice print, and facial recognition software. So the next phase of privacy breach litigation likely will involve biometric information.

Also, many hospital systems are now being subjected to litigation for allegedly collecting and distributing private medical information through various internet sites. Data privacy generally is a growing concern for all companies that collect any sort of customer personal information.

As to the companies or private equity firms that invested in, for example, crypto, we anticipate that, in the next year or two, they’re going to see shareholder and investor claims alleging that, by investing in cryptocurrencies, they mishandled shareholder and investor funds and breached fiduciary duties, particularly triggering coverage under D&O policies. Also SPAC-related claims are likely to increase and trigger coverage under D&O Policies.

What insurance policies are typically triggered when a company is sued?

There’s no single policy that responds to all claims. The way a well-designed insurance program works is that the company buys four or five different lines of coverage—sometimes six or seven depending on the company—and they’re all meant to cover different risks. So which policy responds will depend on who is making the claim and what the allegations are.

If you are a private or public company facing a shareholder claim and your investors are claiming there was a breach of fiduciary duty by the directors and officers, typically your D&O policy is going to respond to that. If you have a government investigation, whether it’s a Securities and Exchange Commission subpoena or a civil investigative demand, or some other agency is investigating the company, that could trigger either a D&O policy or E&O policy.

If you have a claim by a customer or a class action by a group of customers taking the position that you wrongfully handled their accounts or you violated certain laws in the process of providing certain services to them, such as lending, repossession, foreclosure, credit issues, etc., those are all typically going to trigger an E&O policy. Those are designed to protect the company against claims by customers for the professional services the company provides.

If you’re being sued because there’s an alleged data breach of private information, you typically would start with your cyber policy, and then your commercial general liability policy may also respond to that because CGL policies also have a personal injury component that sometimes responds to privacy or advertising-injury claims. If you have a claim by an employee for wrongful termination or harassment, etc., that would trigger your employment practices liability insurance.

So there’s generally a suite of policies that are all meant to work together, each of them covering a different risk.

What coverage issues typically arise for insureds during litigation or class action lawsuits?

The coverage issues that typically arise are, broadly speaking, that there would’ve been coverage under the policy, but the insurer was not timely notified. That’s why notice is an important component for protecting your investment in insurance. Insurance should be viewed as an asset of the company. We frequently see companies that have purchased insurance, but because notice was not provided timely, the insurer will raise the defense that there’s no coverage because of lack of timely notice. This is a gift to the insurer.

We also frequently debate with insurers about whether a written notice from a government agency asking for information rises to the level of a claim under the policy, such that the insurer needs to pay for defense costs in responding to that subpoena.

Other issues that arise involve specific exclusions that come as a surprise to the company. I’ve had clients who are in a particular line of business and, unbeknownst to them, there’s a broad exclusion in the policy that basically says anything that arises out of this particular line of business is excluded. Well, what was the point of that policy? Somebody wasn’t paying attention when the policy was placed. These types of surprise exclusions often catch companies off guard because they didn’t realize a certain risk was either completely excluded or limited.

Other broad issues that we commonly see are insurers taking the position that the company had prior knowledge of particular issues that later gave rise to a claim but didn’t properly complete the application process or inform the insurer that a particular event had happened or there were claims brewing behind the scenes. At times, the insurance company will allege the insured basically misrepresented its status and the carrier insured the risk without fully understanding the company’s risk profile and seek rescission of the policy.

We also see insurers trying to take the position that, because there are fraud allegations or intentional conduct allegations, they are not responsible to provide any coverage, including defense costs, for those types of claims.

Published .