3 Common Insurance Gaps at Banks

Banks must take risk management seriously – and part of managing risk is properly insuring property and casualty risk. Below are the three critical, yet commonly overlooked, areas that institutions should be aware of in addressing their property and casualty insurance program.

1. Think Deeply About the Bank’s Entire Risk Profile
Banks are a complicated risk entity without a cookie-cutter insurance blueprint. The bank business model makes banks a natural target for criminal acts, while daily operations leaves the bank exposed to a host of liability claims. We have also recently seen an increase in regulatory scrutiny related to banks, especially banks’ cyber exposure. Another factor working against the bank is the lack of set standards, guidance and/or oversight of their insurance program. These factors combined make banks particularly complicated to insure competently.

It is imperative that banks consider the entirety of their risks in ensuring they have appropriate coverage and limits. Risk factors to consider include ownership structure, recent financial performance, geographic location, loss history, makeup of the board and management, business model and growth projections. When these factors are considered together, a bank can more completely insure its risks as many of the core coverage lines (and policy forms) are unique only to commercial banks.

2. Cyber Exposure Needs to Be Addressed Under Three Separate Policies
When most banks hear cyber insurance, they think of their cyber liability policy. Most carriers consider this computer systems fraud and it is intended to respond to electronic claims when the bank’s funds are lost or stolen. A typical non-bank cyber liability policy will also include a crime component for electronic losses like fraudulent instruction and electronic funds transfer fraud.

However, there are additional coverages specifically available to banks for cyber loss. The second is the bank’s FI Bond. This is a broader policy and can carry much higher limits. Other coverages under the FI Bond include computer systems fraud such as hacker and virus destruction, as well as voice initiated transfer fraud. There is also an option to insure “social engineering” claims through the bond FI policy.

The third policy that may apply in a cyber loss is the bankers professional liability (BPL). If a bank does not carry social engineering on their bond and a customer’s account is hacked through its own system (opposed to the bank’s) the FI bond likely will not cover the customer’s stolen money. A BPL may provide coverage for depositor’s liability in this case.
Bank should make sure that all three of these policies have adequate limits, do not have overlapping coverage, and also do not leave any gaps in coverage.

3. The Areas of Greatest Exposure
Although cyber and D&O are often the first two areas of insurance a bank focuses, we believe more attention should be paid to the bankers professional liability policy. In the most basic sense, BPL covers the bank for losses arising from any service the bank provides to a customer, aside from lending activity. It’s often colloquially called Bankers E&O and is essentially broad form negligence coverage.
Conversely, lender liability is intended to cover that which BPL excludes: wrongful acts arising from a loan or lending activity. It is important that banks have lender liability included within the BPL.

There are two main reasons BPL/lender liability are important:
1. The most frequent claim for banks falls under the BPL/lender liability. In 2021, 51% of bank liability claims fell under BPL or lender liability. Cyber liability and D&O claims constituted 8% and 12% of claims, respectively.
2. Since they are usually insured under the same insuring agreement, they also usually share one limit. A borrower suit that turns into a paid claim would also erode the BPL limit.

Most peer group average BPL and lender liability limits are relatively low; it’s recommended that banks keep their limit at or slightly above average, at a minimum.

Given the complex factors above, how can you know if your bank is protected? Consider the following questions:

• Are my financial institution and its officers protected from all the types of risk that could hurt us?
• Do I have a partner I trust to complement my unique business and offer integrated solutions that offer the right amount of coverage?
• How much time, productivity and fees does it cost the bank to have relationships with multiple brokers and advisors?

Insurance is complex. Threats to the security of your financial organization are ubiquitous. You should have an expert to help you navigate the process and build a tailored solution for your institution.