ATLANTA, April 26, 2012 – Maloy Risk Services, Inc., today announced its renewed appointment as the sponsored insurance broker to the Technology Association of Georgia (TAG), a trade organization that serves as an advocate for technology companies and their leaders. In addition, Maloy Risks Services, a leading provider of property/casualty and risk management services to the technology industry, has added the ACE Group’s comprehensive suite of foreign casualty package policies and D&O coverage to the suite of products already offered to this membership.

Underwritten by ACE Commercial Risk Services® and ACE USA, this offering provides access to ACE’s International Advantage® Casualty offerings through a simple package policy. For companies doing business overseas, coverage provides access to ACE’s extensive international network, and offers a full-range of high-value, economical insurance coverage that is highly scalable for companies just beginning to expand globally. ACE Commercial Risk Services® is also proud to provide their management liability suite of products which includes Directors & Officers, Employment Practices, Fiduciary, and Crime insurance to eligible individuals of member companies.

As a provider to a number of associations with broad member bases, Maloy Risk Services has extensive knowledge of working with start-ups and early stage companies to growth and mature companies, offering customized insurance services in line with their business needs. In addition, Maloy has extensive connections with many underwriting companies and through a membership model, is able to secure coverage protection plans at reduced costs.

“Having placed many programs for other technology associations, we know the needs of their industry as well as the appropriate insurance requirements based on size and stage of the company. We supported a number of TAG members last year and are excited to continue the momentum. Based on feedback from members, we’ve also added some key resources this year, and are pleased to welcome ACE and its vast international experience breadth of product offerings,” said Richard A. Maloy, Jr., CEO of Maloy Risk Services.

David Lupica, Division President, ACE Commercial Risk Services, commented, “The Maloy organization has years of experience with association marketing and is firmly entrenched with the TAG. We are excited about the launch and showing our product capabilities to this select group of individuals.”

“Our knowledge and solutions for the unique needs of clients that have operations or employees who travel outside the U.S. made partnering with TAG and Maloy an easy decision,” said Tim Benson, Senior Vice President, ACE Multinational Group.

ACE’s program, called ACE International Advantage®, offers customized protection in an attractive, easy-to-use package to meet the complex needs of clients who have operations or employees who travel outside the U.S., and is backed by a unique combination of financial strength, stability and service excellence. Insurance is provided by companies within the ACE Group or its allied distribution associates.

Eligible members will receive an insurance consultation from Maloy’s commercial lines representatives, who will work with ACE directly, to secure pricing and coverage options that fit client needs. Member accounts will be individually underwritten, making this benefit available at no cost to the member organization.

About ACE:
ACE Commercial Risk Services is an operation within the ACE Group that is dedicated to providing specialty insurance products that offer solutions for small business needs in North America. ACE Commercial Risk Services offers its products through retail agents and brokers, wholesale brokers, program agents and alternative distribution models. Additional information can be found at www.acecrs.com. ACE USA is the retail-focused operations of the ACE Group in the U.S. The ACE Group is a global leader in insurance and reinsurance serving a diverse group of clients. Headed by ACE Limited (NYSE: ACE), a component of the S&P 500 stock index, the ACE Group conducts its business on a worldwide basis with operating subsidiaries in more than 50 countries. Additional information can be found at http://www.acegroup.com.

About The Technology Association of Georgia (TAG)
The Technology Association of Georgia (TAG) is the leading technology industry association in the state, serving more than 15,000 members and hosting over 200 events each year. TAG serves as an umbrella organization for 30 industry societies, each of which provides rich content for TAG constituents. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances a tech-based economy. The association provides members with access to networking and educational programs; recognizes and promotes Georgia’s technology leaders and companies; and advocates for legislative action that enhances the state’s economic climate for technology. Additionally, the TAG Education Collaborative (TAG’s charitable arm) focuses on helping science, technology, engineering and math (STEM) education initiatives thrive. For more information visit the TAG website at www.tagonline.org or TAG’s community website at www.TAGthink.com. To learn about the TAG-Ed Collaborative visit http://www.tagedonline.org/.

About Maloy Risk Services, Inc.
Maloy Risk Services, Inc. is a leading provider of property and casualty insurance brokerage and risk management services to the hedge fund, venture capital, life sciences and technology industries. Maloy Risk Services has offices in New York City, Princeton, NJ and Atlanta, Georgia. To learn more about Maloy Risk Services, please visit their web site, http://www.maloyrs.com.

As the markets recovered in mid-2009 and 2010, many fund managers simply felt the time was right to walk away. Having just recouped much of their losses, they could return the assets to investors on solid terms and not have to deal with the regulatory scrutiny and reporting that was coming with the passage of the Dodd-Frank financial reform law.

Why deal with the regulatory environment when they could open a family office and invest their own billions? Why deal with the headache of investors, who have to reallocate exposure during every downturn, leaving the fund with limited assets and leverage? Why assume all of the additional costs for the “new” infrastructure and reporting requirements for registration?

So many veterans simply decide to take their ball and go home.

What does all of this mean for the remaining hedge-fund managers and their exposure as directors and officers?

In spite of insurance company concerns about regulatory investigations, insider trading and expert-network usage, insurance rates have fallen precipitously over the past few months for several reasons.

The insurers are getting a wealth of information–more transparency–from the hedge funds. This is the same information that is requested by an investor, which translates into better underwriting. Secondly, a directors’ and officers’ liability insurance policy is a fund expense and helps funds justify its purchase because it creates a greater spread of risk for insurers. Investors and independent directors are also requiring funds to show coverage, leading to the proliferation of policy purchasing, which gives insurers more actuarial data and more premium dollars to pay claims, lowering costs further.

As a result, more insurers have entered the space, chasing the high premium and low claims frequency of hedge fund D&O coverage and creating competition. The competitive environment has led to better pricing and better policy construction and coverage.

The D&O policy of 2011 has embraced the changes driven by manuscript policy language from lawyers, competent insurance brokers and insurers. The new policy forms that have been launched in the past four months by several major industry players have brought a wealth of new coverage and have enhanced outdated concepts and language.

The definitions, exclusions and insuring agreements must be analyzed and modified for each fund due to their unique structures, and manuscript policy language, once the privy of larger funds, has now become a more mainstream policy by several insurers.

The following are critical areas that have changed and need to be carefully reviewed; otherwise, hedge funds may end up with an older policy form that leaves many exposures uninsured:

1. The definition of claim must include Wells notices, target letters and subpoenas, which often happen prior to a formal investigation. Without these coverage triggers, you would incur defense costs to respond that would not be covered until an actual formal order was brought, which can be significant.
2. The fraud and personal profit definition must include final non-appealable adjudication language, which means that the policy will defend the hedge fund director or officer against allegations of fraud or ill-gotten personal gain until a final verdict, including any appeal. We highlight “non-appealable” because this is relatively new language.
3. Definition of professional services must be broad enough to encompass all aspects of the management company and fund activities. Many older policies have limiting language that states that only the services performed for the fund are covered. The definition of fund does not include managed accounts so any managed account would fall through the cracks. It should be amended to include all service performed for any contract for a fee.
4. Definition of insured should be very broad and include independent contractors, temporary or leased employees, GC, CCO, tax director and other specialty positions.
5. Definition of insured entity is often narrowly defined and does not contemplate the complex structures of hedge funds. Most older policies are set up as a parent and subsidiary relationship, which leaves many uncovered entities within general partnership and limited liability corporate structures.
6. The contract exclusion needs to have a carve-back (which puts coverage back in) for the activities defined in the limited partnership agreements and should also include a carve-back for defense costs for breach of a contract.
7. The insured-versus-insured exclusion needs several carve-backs: pollution for derivative suits, advisors committee, bankruptcy trustees and whistleblowers.
8. The newly created fund threshold should be large enough to gain automatic coverage for potential new funds during the policy period.
9. Amend the definition of claim notice to the CFO and GC.
10. Make sure there is severability wording as it relates to the completion of the application. That way, the knowledge or acts of one cannot be imputed to others.
11. Cost of corrections coverage is now available. The professional liability insuring agreement can be endorsed to include trade errors. Previously, to gain coverage, an investor or outside third party would need to bring a suit against the management company to gain access to coverage. The policy needed a claim trigger. By adding this endorsement, however, you no longer need litigation to trigger the policy.

This list provides a sample. A full-blown list is beyond the scope of this article.

This is a good time to be a buyer of hedge fund D&O and professional liability insurance. Further price reduction hinges on how aggressive the Securities and Exchange Commission, U.S. Commodity Futures Trading Commission and other regulatory agencies become over the next 12 to 18 months. Premiums were significantly lower in 2010 and continue to move lower in 2011 due to the sheer number of interested insurers. If the whistle blower claims gain their projected momentum in 2011, premiums may begin to rise and coverage may get restricted in 2012.

Only a few years ago, the litigation cost estimates due to failed banks, the implosion of mortgage real estate investment trusts and the collateralized debt obligation meltdown were in the hundreds of billions of dollars, which sent D&O and professional liability prices skyrocketing. In 2007, the average price for the first $5 million of coverage was approximately $20,000 per million. That increased to $30,000 to $35,000 in 2008, especially for any fund that showed poor performance and large redemptions.

Insurers were concerned about litigation focused on side pockets, lockups and preferential treatment during a wind down. Although there were some marquee claims–Pequot, Amaranth and Stanford (Galleon and Madoff had no insurance)–that hit insurers, the brunt of litigation that was expected did not materialize. That which did was based on insider trading or fraud and not the actual winding down of the funds.

Many of the marquee cases and the vitriol against Wall Street led to a new regime at the SEC, run by Robert Khuzami, head of SEC enforcement. Khuzami has since restructured the division and the SEC has had several major successes, Galleon being the current and most prominent. If you look at the Galleon case, the SEC’s use of wiretapping signals a new aggressiveness.

The passage of Dodd-Frank and, in particular, the provision within it that extends whistle-blowing into the private sector, is projected to bring on an onslaught of claims. Whistleblowers can receive up to 30 percent of the fines and penalties, which could create a new cottage industry for plaintiffs’ attorneys and their clients.

This new era of enforcement puts hedge funds in the cross hairs. Insurers will be monitoring the insider trading cases from whistleblowers and the use of expert networks because their policies now cover regulatory investigations. The use of expert networks has become one of the most scrutinized areas of a hedge funds’ compliance and due diligence by the insurers.

Funds also need to be concerned with fund closure; bankruptcy; stepping outside of the strategy; fraud; trade errors; miscalculation of the net asset value; breach of fiduciary duty; and employment-related issues surrounding wrongful termination, discrimination and sexual harassment. All contribute to professional liability claims.

After a company fails, the founder and employees are immediately off to find their next job leaving only the Directors to wind down the company. Once in Bankruptcy, the courts will appoint a Trustee to oversee the liquidation; this is where the fun begins. The Trustees job is to find as much money to give back to creditors. Often since the company has no money, the look at the decision made by the directors and officers to see if their decision were prudent during the company’s lifetime. Often the Trustees will bring suit against the directors and officers for decisions made that were not in the best interest of the company. Since the company went bust, this is often not a difficult task.

The portfolio company’s Directors and Officers liability policy is the first line of defense, but in most bankruptcies the insurance winds up not getting paid and it cancels. Since Directors and Officers policies are Claims-Made Policies, the policy must be in force at the time of claim. If the Directors of the company are diligent they may see bankruptcy is the likely outcome and inform the insurer to exercise the extended reporting provisions with the policy (tail coverage) which allows claims to be brought for a specified period beyond the closure of the company. This is great in theory, but often does not happen because the company has no money to pay the premium and the directors are left to defend themselves. If you are an independent director it would be prudent to buy your own Individual Director Liability (IDL) policy, particularly if you sit on many boards. If you are the appointed board member for the Venture firm you may have one more line of defense, if the firm has their own Management Liability policy. This combination Directors and Officers/Professional Liability Policy provides protection to the appointed board members of the firm. The Outside Director Liability section of the Management Liability policy extends the policy limits to the appointed directors in excess over any available indemnification or collectible insurance at the portfolio company level. Keep in mind this is only available for the Venture Firm’s directors.

Claims against directors and officers as a result of bankruptcy have become prolific in the past few years. As a Director, ask questions about your protection. Venture firms make sure your policy conforms to the new regulations and industry climate. If a bankruptcy hits one of your portfolio companies, make sure there is enough money to pay for the Extended Reporting Period. As a last resort, the directors can pay for the extended reporting period premium themselves. This may be the best pre-paid legal fees you will ever buy.

The greatly heightened expectations of investors means that they are quicker to sue when things don’t go their way, and the degree of regulatory scrutiny is making it almost impossible for any hedge fund company to function without a solid hedge fund directors and officers/professional liability insurance policy.

The list of risks faced by hedge fund companies and managers is growing, but unfortunately, many companies are simply unaware of all the risks they face in this new climate. The liabilities you face are much more complicated these days than simple allegations of mismanagement or fraud. Now hedge fund companies and managers can come under attack for everything from stock manipulation to short selling, and that’s just the beginning.

For instance, suits can range from something as large as a full blown SEC or CFTC regulatory investigation and something as small as not amending your fund documents to reflect a new strategy.

The transition of the hedge fund industry into the digital age also poses a new set of risks for your company. Previously the concern was about employee theft; today your company faces a great deal of risk for losing proprietary data through IT or network breaches, as well as infringement on your intellectual property.

Past insurance policies were very limited when addressing these issues, if they did at all. It is crucial to revisit the contracts and make sure they have the cutting edge language that is current. Although your company might have been able to get by on a limited policy in the past, that is simply no longer a feasible option for any company that deals in such a volatile and high-stakes industry. Pricing has never been lower for these upgraded and current insurance products, so the time is right to make sure your hedge fund liability insurance policy is up to date.

At the end of 2008, the insurance industry was scared. The cost estimates to insurers due to failed banks, the implosion of mortgage REITs and the CDO meltdown were in the hundreds of billions of dollars, which sent prices skyrocketing for Directors and Officers and Professional liability. For the first $5M of coverage of rate per million moved from $20K in 2007 to $30-35K in 2008; especially for any fund that showed poor performance and large redemptions. Several of our clients’ premiums doubled in 2008 and early 2009 due to “headline underwriting”. During 2008- 2009 many funds closed and the underwriting community was sure litigation focused on side pockets, lock ups and preferential treatment during a wind down would occur. Although there were some marquee claims that hit insurers: Pequot, Amaranth, Stanford, SAC, the brunt of litigation that was expected did not materialize.

Many of the marquee cases and the vitriol against Wall Street has led to a new regime at the SEC. Robert Khuzami, Head of SEC Enforcement, made a speech on Dec. 8, 2009 at the AICPA National Conference that provided the following statics on enforcement:

While statistics alone do not tell the whole story, recent data provide real evidence that we are fulfilling our core mission of investor protection. This past fiscal year, the SEC:

• Ordered wrongdoers to disgorge over $2.0 billion in ill-gotten gains (an increase of 170% over fiscal 2008);
• Ordered wrongdoers to pay penalties of $345 million (an increase of 35% over fiscal 2008);
• Sought 71 emergency temporary restraining orders to halt ongoing misconduct and prevent further investor harm (an increase of 82% over fiscal 2008);
• Sought 82 asset freezes to preserve assets for the benefit of investors (an increase of 78% over fiscal 2008); and
• Issued 496 orders opening formal investigations (an increase of over 100% over fiscal 2008).

The black eye suffered by the SEC forced Mr. Khuzami to restructure the division and step up every phase of the unit. If you look at the Galleon case, they used surveillance techniques normally used by the FBI for RICO cases. This is a new era of enforcement and hedge funds are in the line of fire. These are troubling numbers to insurers since their policies provide defense costs for regulatory investigations and the US government has an unlimited enforcement budget. E-mail discovery alone can run into the tens of millions of dollars as it did in the Pequot case.

Beyond regulatory investigations funds need to be concerned with fund closure, bankruptcy, stepping outside of the strategy, fraud, trade errors, miscalculation of the NAV, breach of fiduciary duty, and employment related issues surrounding wrongful termination, discrimination, and sexual harassment which all contribute to D&O, E&O or Employment Practices Liability claims.
Even with the passage of Dodd-Frank, Directors and Officers coverage has become more affordable for several reasons. One, the insurers believe that even if there is more regulatory scrutiny, ultimately that will lead to a lower number claims and fewer bad actors.Two, the policy is a fund expense which has helped more funds purchase the product creating a greater spread of risk. Three, investor and independent director demand has added to the proliferation of policy purchasing, which again gives insurers more actuarial data and more premium dollars to pay claims helping to lower costs. Finally, there are more insurers entering the space as the claims trends of the past seem to be less costly than first perceived. Competition is beginning to heat up.

Beyond pricing, our panelist stressed the importance of policy negotiation, in particular, definitions, exclusions and insuring agreements. Many off- the-shelf products from the insurers have gaps in coverage. Since the D&O policy provides protection for the Directors, Officers, Partners, Members, Funds, GPs and any blocker or feeder entities it is important to make sure the insurance policy structure backstops the indemnification within the fund documents; or, replaces that indemnification if the fund is unable or unwilling to provide that indemnification. I will highlight a few critical areas that need to be addressed in policy negotiation, but a full blown discussion is beyond the scope of this article.

• The Definition of Claim must include wells notices, target letters and subpoenas, which often happen prior to a formal investigation. Without these coverage triggers you would incur defense costs to respond that would not be covered until an actual formal order was brought which can be significant.

• The Fraud and Personal Profit definition must include final adjudication language, which means that the policy will defend you against allegations of fraud or ill gotten personal gain until a final verdict has been rendered, without it the insurer can invoke the fraud exclusion and deny coverage.

• Definition of Professional Services must be broad enough to encompass all aspects of the management company and fund activities. Many policies have limiting language, which states that only the services performed for the fund are covered. The definition of fund does not include Managed Accounts so any Managed Account would fall through the cracks. It should be amended to include all service performed for any contract for a fee.

• Definition of Insured should be very broad and include independent contractors, temporary or leased employees, GC, CCO, Tax Director and other specialty positions.

• Definition of Insured Entity is often narrowly defined and does not contemplate the complex structures of hedge funds. Often it is set up as a parent and subsidiary relationship which leaves many uncovered entities within a General Partnership and LLC structure.

• The Contract Exclusion needs to have a carve back (puts coverage back in) for the activities defined in the LP agreements and should also include a carve back for defense costs for breach of a contract.

• Insured Vs. Insured exclusion needs several carve backs: Pollution for derivative suits, Advisors Committee, Bankruptcy Trustees and Whistle blowers.

• The newly created fund threshold should be large enough to gain automatic coverage for potential new funds during the policy period.

• Amend the definition of claim notice to the CFO and GC

• Severability of the application and wrongful acts, so that the knowledge or acts of one cannot be imputed to others.

When attempting to make these changes be sure that your insurance broker and outside attorney are experienced in this process as these negotiations are highly specialized.

In conclusion, this is good time to be a buyer of insurance. Further price reduction hinges on how aggressive the SEC and other regulatory agencies become over the next 12-18 months. We predict that premiums will be cautiously lower in 2010 and will continue to move lower in 2011 and 2012 as enforcement actions begin to modify behavior.

The discussion was well received by the hedge fund community and we are happy to share the notes, slides and contact information of the participants upon request.

With the passage of Dodd Frank, the hedge fund industry is in the crosshairs of the regulatory authorities. In light of the investment skullduggery that came about with the likes of Madoff, Stanford and Galleon, consumers are putting an eagle eye on their investments — with their lawyer’s help, of course. The SEC and CFTC are using tactics and tools that were once the realm of the Justice Department: wire taps, surveillance and now paying whistle-blowers 10-35% of any recovered ill gotten gain. This new heightened regulatory environment is spawning a plaintiffs’ bar cottage industry that was once found only in the world of public companies.

Many hedge fund managers fail to realize the hazards posed by events that are simply out of their control. If the market simply turns against your strategy, allegations of mismanagement, stock manipulation, and gross negligence can manifest even if you’ve done everything by the book. Even if you prevail against the allegations, the cost to defend your reputation is in the millions of dollars, crippling your funds performance or management company profits.

Finally, many hedge fund managers fail to realize the dangers that can come from inside their own walls. There’s always the threat of being sued by your employees for employment practice related matters, like sexual harassment, wrongful termination and discrimination. Employee theft from not only the fund and management company, but possibly with other trading partners. When you couple this with the risk of your network being compromised by a hack or breach, you have potential litigation for possible loss of proprietary data or intellectual property, its easy to see why so many hedge fund managers are realizing the importance of comprehensive risk management which would include the D&O/Professional, Crime, Network Security, Fiduciary Liability, Patent Infringement and Employment Practices Liability policies.

In such a high-risk, high-reward industry, having policies that can help mitigate the costs of defense which protects fund assets, why would you leave yourselves exposed?. The policies of the past were filled with exclusions and poor coverage language, it is imperative to make sure that your coverage is current. The game is always changing and being on top of the trends can mean the difference between the fund’s survival and failure. Hedge funds are in the business of mitigating risk, a properly structured insurance program is paramount toward that endeavor.

The first step to ensure your network is safe and compliant: develop a plan around network security through your own internal IT departments or with the help of an external technology firm. The plan should include disaster recovery, policies and procedures for employees (both internal and external if they work with/or on client systems), a regulatory compliance assessment, copyright and trademark infringement assessment of the web based activities and a full security threats analysis. A breach of network systems depending on your industry can range from annoying and time consuming to costly and devastating.

Even with a diligent network strategy you can still find yourself at the mercy of an attack. A properly designed Errors and Omissions Liability policy can mean the difference between shutting the doors or survival. Errors and Omissions Liability has come a long way in ten years. Once a simple policy for software and hardware developers the policies have morphed to take on the Cyber Liability risks that all companies face. The policies now include: Media Liability covering copyright and trademark infringement; Network Security Liability covering hacks, breaches and ransom demands; Privacy Liability covering the costs of regulatory investigations and client credit monitoring after personal information has been compromise; and finally first part coverage for acts committed by your own employees and not just from the outside world.

The list of actions items to secure your networks is long and needs professional guidance from IT, Legal and Insurance professionals. Make sure you incorporate a strategy and plan that includes these elements and you will be ready to handle that lost or stolen lap top with client data; that disgruntled employee who tampers with your systems; or those hackers out there who like to create havoc just to show everyone they can.

In the technology world, there’s been a genesis of where the E&O product has grown from just E&O to Cyber Security. E&O policies traditionally cover third party financial losses that a business has caused a client or other entity; these originally were built around hardware and software in the sense of possible programming mistakes made by software manufacturers. Copyright and trademark infringement were the first coverages added to E&O.

Now, as technology has advanced, worrying over an error in a software code is not enough; there are additional exposures from the entire online world.

Today most businesses have Web site issues that surround technology, and that puts them at risk. Cyber Security policies basically cover hack and breach; privacy; crisis management; copyright and trademark infringement; regulatory concerns; and computer virus attacks. Most businesses just don’t have static Web sites anymore. They have exposures with technology companies that have products, and could be sued by their clients because of hack or breach.

Fast forward another 10 or 15 years and everyone will have systems containing sensitive data—especially large retailers. Basically, any company that conducts online transactions will also face issues around copyright and trademark.

CyberSecurity by Chubb, a product of Chubb Specialty Insurance, was launched to deal with just such Web-related issues. It combines third-party (cyber liability) and first-party (cyber crime expense) coverages into one worldwide policy. The product covers direct loss, legal liability, and consequential loss resulting from cyber security breaches, including identity theft of social security numbers, credit card information and financial information, and e-vandalism by hackers.

Yet even though data breaches are something that most people are both aware of and concerned about, there has not a huge proliferation of people buying Cyber Security cover. They don’t seem to think there’s much exposure or loss. Like any new product, however, it does take people time to understand that it can happen to them.

Many business people seem to think that their IT Department will keep them secure, but they may not fully realize the potential financial ramifications to their clients when data becomes compromised. First of all, costs of a cyber breach can be huge—running into millions of dollars—depending on the number of clients affected. A retailer that has its customer credit card numbers stolen would have to cover the costs to monitor the credit reporting for its customers’ TRW reports for two full years.

Cyber Security contracts also typically include a crisis management component that covers public relations expenses to help a client handle a hack or breach and regain its good reputation.

Recent major data breaches show how dangerous it can be when a company’s sensitive information is compromised. In late December, some 2.2 million customers of the American Honda Motor Company of Torrance, Calif., had their personal information—names, email addresses, vehicle identification numbers and user IDs—exposed publicly when the Web site of a Honda vendor was hacked, according to the Privacy Rights Clearinghouse (www.privacyrights.org), a San Diego-based nonprofit organization providing consumer information and advocacy related to technology and personal privacy.

Some 2.7 million Acura customers also had their email addresses exposed in the same breach, but their names and other information were not exposed. At least 40 U.S. states have passed laws requiring that individuals be notified of security breaches related to businesses, educational institutions, government entities and the military, healthcare and medical providers, and nonprofit organizations, according to PRC.

That’s why Cyber Security cover is no longer an option for businesses; it’s an essential. Anybody who has an online presence taking credit cards has possession of sensitive customer data. A doctor’s practice stores sensitive patient information that also is subject to HIPAA laws. Even an insurance agency has exposure risk to its clients’ social security numbers. Almost any basic business with a web presence and client sensitive data on the web should have this protection.

Cyber Security cover is a fairly new product and insurance companies are still working out the pricing for individual policies. A small company may be able to forego a large policy and instead add a supplement to its E&O contract, while major retailers would see different types of Cyber Security programs with larger limits and higher premiums.

A Mom & Pop shop that has a Web site that ties back to its customer database would see a very low cost for a Cyber Security policy. Minimum premiums for a small-to-mid-sized company can range from $1,500 to $2,500 depending on the insurer. Policy cost can be a critical factor depending on the scope of the operation, the type of business a company doing and the data that it stores online. Many Cyber Security contracts are glorified E&O contracts. Cyber Security can also be standalone cover for just hack and breach. An experienced insurance agency or broker can help a client meet its individual Cyber Security needs and protect its sensitive technology information from becoming a public headache.

Maloy Risk Services Inc., New York, has developed a broad understanding of Cyber Security cover from 15 years of servicing technology clients. The fifth-generation family firm has been providing property/casualty insurance and risk management services since 1872, and specializes in technology, life sciences, hedge funds and private equity/venture capital.

Manufacturers generally buy the basics: product liability insurance, workers comp, and property insurance. Yet product recall or withdrawal is a real risk that some may choose to self-insure. Either they don’t really believe such an event will happen, or they feel that they have a good follow-up procedure in place if it should.

That may not be enough. If there is a claim or a product recall—which can and does happen to the best of companies—a Life Science manufacturer can simply look to its insurance company instead of using company assets to fund the recall. Premiums start around $15,000.

A current such case in the Life Science arena involves DePuy Orthopaedics, Inc. of Warsaw, Ind. The Johnson & Johnson subsidiary voluntarily recalled its ASR hip replacement system on August 10 after company data showed that a higher-than-normal number of patients—about 1 in 8—needed to have revision surgery to replace defective product. DePuy introduced the product in the United States in 2005.

The U.S. Senate’s Special Commission on Aging began hearing testimony from DePuy on April 13 to decide whether consumer lawsuits over the recall have merit. Some lawsuits allege the company knew of design problems but failed to adequately warn physicians, according to an April 12 report by MassDevice.com, an online news journal covering the medical devices industry.

Product Withdrawal or Product Recall Expense Insurance can take the risk out of such recalls by protecting first- and third-party expenses over damages. Chubb, Travelers and Chartis are three carriers that offer such products specifically tied to the Life Science industry. Crisis Management Insurance can be purchased as well to cover ensuing costs associated with the recall.

A product recall is comprised of two primary elements: financial cost and reputation. The pure financial piece of a product recall includes the cost of communicating the recall; locating and retrieving the product, including transportation and storage; and the potential destruction and disposal of the recalled products. First-party coverages include direct costs to the company or manufacturer; third-party coverages are for those entities that may sustain a financial loss due to the recall: a distributor, physician or hospital.

The bigger piece is the permanent damage a recall can do to a company’s reputation. Basically, there are two types of product recall: voluntary and compulsory. In a voluntary recall, the company or manufacturer has discovered a problem and feels that due to a quality control or other issue, they decide to recall the product. A compulsory product recall is one required by the federal Food & Drug Administration. The difference between the two can be staggering.

The infamous Tylenol product recall of October 1982 was one that was done right; manufacturer Johnson & Johnson voluntarily launched the nation’s first massive product recall when seven Chicago area consumers died after taking cyanide-laced Tylenol Capsules. Consumers were immediately contacted, new safety packaging was put into place, and the brand remains a U.S. staple.

The Ford Motor Co.’s June 1978 recall of its Pinto model is an example of a poorly handled recall. The company was compelled to recall 1.5 million 1971-1976 Ford Pinto models, and 30,000 1975-76 Mercury Bobcat sedan and hatchback models, for defects in the fuel tank design that made them “susceptible to fire in the event of a moderate-speed rear end collision,” according to the Center for Auto Safety. Six people were killed nationwide. Ford succumbed to a recall only after four years of litigation, CAS petitioning, and an investigation by the National Highway Traffic Safety Administration’s Office of Defect Investigations.

The difference: Tylenol exists today; the Pinto is a distant memory. Acknowledgement is the critical issue here. It’s a good business practice to expect mistakes, but that’s only one piece of the plan. Every Life Science company should consult with an expert about the possibility of total product recall or creating a crisis management plan before a failed product becomes a major issue.

The consultant may first look into regulatory requirements: when is a company required to disclose to the FDA that an issue has arisen rather than facing legal issues and fines. Companies that distribute products internationally also need to learn the regulatory requirements—if any—of the countries in which they do business. There may not be a regulatory requirement in say, Paraguay, but would the brand still be damaged with lack of action on a particular issue? That’s where voluntary vs. compulsory recall comes into play. It’s better to make the first move.

The next step may be to develop a set of procedures for a Product Recall Manual: developing a chain of command; making sure the entire team is accessible by keeping correct email and contact numbers; and identifying your point of contact for media so a consistent message is delivered to the consumer. You should also have a system in place to handle customer complaints.

Then implement it. Take it on a test run. Treat it like a company fire drill: knowing where a fire could break out or impede escape and having an exit plan. With crisis management, you’re zeroing in on the possible risks within your product and laying out a step-by-step instruction manual on how to make it right. Periodically perform a mock recall, and make sure all your team members play their part.

Rebuilding the brand is the final step. The right move could be to kill the brand and move on to something else—as Ford did with the Pinto—especially if the recall was sizable and handled ineffectively.

Handling a product recall issue from a risk management perspective can save not only the company’s assets, but also the company itself.

At the end of 2008 the insurance industry was scared. The litigation cost estimates due to failed banks, the implosion of mortgage real estate investment trusts (REITs) and the collateralized debt obligation (CDO) meltdown were in the hundreds of billions of dollars, which sent prices skyrocketing for D&O and professional liability. The price for the first $5mn of coverage was $20,000 per million in 2007 and moved to $30,000-$35,000 in 2008, especially for any fund that showed poor performance and large redemptions.

Several of our clients’ premiums doubled in late 2008 and through 2009 due to “headline underwriting”, as the press was mauling the hedge funds and insurers were sure that claims would follow. They were concerned about litigation focused on side pockets, lock-ups and preferential treatment during a wind-down. Although there were some marquee claims that hit insurers – Pequot, Amaranth, Stanford, SAC – the brunt of the litigation that was expected did not materialise.

Many of the marquee cases and the vitriol against Wall Street led to a new regime at the Securities and Exchange Commission (SEC), run by Robert Khuzami, head of SEC Enforcement. Khuzami made a speech on 8 December 2009 at the AICPA National Conference that provided the following statics on enforcement.

By the numbers

Khuzami said that while statistics alone do not tell the whole story, recent data provided real evidence that the SEC was fulfilling its core mission of investor protection. He added that in the past fiscal year, the SEC ordered wrongdoers to disgorge over $2bn in ill-gotten gains (an increase of 170 percent over fiscal year 2008), pay penalties of $345mn (an increase of 35 percent over fiscal year 2008) and sought 71 emergency temporary restraining orders to halt ongoing misconduct and prevent further investor harm (an increase of 82 percent over fiscal year 2008).

He continued that the SEC also sought 82 asset freezes to preserve assets for the benefit of investors (an increase of 78 percent over fiscal year 2008) and issued 496 orders opening formal investigations (an increase of over 100 percent over fiscal year 2008).

The black eye suffered by the SEC in the Madoff case forced Khuzami to restructure the division and step up every phase of the unit. If you look at the Galleon case, they used surveillance techniques normally used by the FBI under the Racketeer Influenced and Corrupt Organizations (RICO) Act such as wiretapping.

The passage of Dodd-Frank, and in particular the extension of whistle blowing into the private sector, is projected to bring an onslaught of claims. The whistle blowers can receive up to 30 percent of the fines and penalties, creating a new cottage industry for plaintiffs’ attorneys. Secondly, the policy is a fund expense that helps funds justify purchasing the product, which has created a greater spread of risk for insurers and their whistle blowers. This new era of enforcement puts hedge funds in the cross hairs. Since insurer policies provide defence costs for regulatory investigations and the US government has an unlimited enforcement budget, insurers are concerned and will be monitoring these claims as they begin to materialise.

Beyond regulatory investigations funds need to be concerned with fund closure, bankruptcy, stepping outside of a strategy, fraud, trade errors, miscalculation of the net asset value (NAV), breach of fiduciary duty, and employment-related issues surrounding wrongful termination, discrimination and sexual harassment, which all contribute to D&O, E&O or employment practices liability claims.

Pricing falls

In spite of all of the new regulation rates fell precipitously in 2010 and D&O liability rates are back to 2007 levels for several reasons. Firstly, the insurers believe that regulatory scrutiny will ultimately lead to a lower number of claims and that transparency and underwriting information will be more readily available. Secondly, the policy is a fund expense that helps funds justify purchasing the product, which has created a greater spread of risk for insurers. Thirdly, investors and independent directors have required funds to show coverage, which has led to a proliferation of policy purchasing. This again gives insurers more actuarial data and more premium dollars to pay claims, thus lowering costs further.

As a result, more insurers have entered the space in an effort to attract the high premium, low claim frequency hedge fund D&O premium, pushing costs down again. This competitive environment has been great for hedge funds as they have seen major price reductions and greatly enhanced coverage over the past six-to-12 months.

Beyond pricing, negotiation of terms and conditions has changed rapidly to keep up with the regulatory environment and the passage of the Dodd-Frank Act. The definitions, exclusions and insuring agreements must be analyzed and modified for each fund due to their unique structures.

This is a good time to be a buyer of insurance. Further price reduction hinges on how aggressive the SEC, the Commodity Futures Trading Commission and other regulatory agencies become over the next 12-18 months. Premiums were significantly lower in 2010 and will continue to fall in 2011 due to the sheer number of interested insurers. If the whistle blower claims gain their projected momentum in 2011, premiums will begin to rise in 2012.

10 Point Checklist

The following are critical areas that need to be addressed in policy negotiation, but a full-blown discussion is beyond the scope of this article:

1. The definition of claim must include wells notices, target letters and subpoenas, which often happen prior to a formal investigation. Without these coverage triggers you incur defence costs to respond that would not be covered until an actual formal order was brought, which can be significant.
2. The fraud and personal profit definition must include final adjudication language, which means that the policy will defend you against allegations of fraud or ill-gotten personal gain until a final verdict has been rendered. Without it, the insurer can invoke the fraud exclusion and deny coverage.
3. The definition of professional services must be broad enough to encompass all aspects of the management company and fund activities. Many policies have limiting languages that only the services performed for the fund are covered. The definition of fund does not include managed accounts, so any managed account would fall through the cracks. It should be amended to include all services performed for any contract for a fee.
4. The definition of insured should be very broad and include independent contractors, temporary or leased employees, general counsel, CCOs, tax directors and other specialty positions.
5. The insured entity is often narrowly defined and does not contemplate the complex structures of hedge funds. Often it is set up as a parent and subsidiary relationship, which leaves many uncovered entities within a general partnership and limited liability corporation (LLC) structure.
6. The contract exclusion needs to have a carve-back (puts coverage back in) for the activities defined in the LP agreements and should also include a carve-back for defense costs for breach of a contract
7. Insured vs insured exclusion needs several carve-backs: Pollution for derivative suits, advisers committee, bankruptcy trustees and whistle blowers. With the passage of Dodd-Frank, whistle blower claims are going to be on the rise since the act now allows whistle blowers to be paid 10-30 percent of any fine or penalty levied against a fund or management company. The SEC is currently being inundated with insider trading tips and is trying to ferret out real cases.
8. The newly created fund threshold should be large enough to gain automatic coverage for potential new funds during the policy period
9. Amend the definition of claim notice to the CFO and general counsel
10. Ensure you have severability of the application and wrongful acts, so that the knowledge or acts of one cannot be imputed to others.