Going Beyond Compensation to Attract, Retain Top Talent

Written by

Your employees probably don’t think about needing long-term care (LTC), especially if they feel young and healthy. But now’s exactly the right time for you to help them plan for the future.

Baby boomers and successive generations will enjoy unprecedented longevity compared to previous generations. The upside is obvious. But there’s a downside: the number of chronic health conditions that can require costly long-term care. While most people conceptualize this need, they don’t have any LTC coverage. Meanwhile, employers may already offer group term life insurance to give employees extended benefits at the lower group premiums. There’s a way that banks can make this voluntary benefit more available and more portable — and even more attractive.

Many life insurance policies now offer riders or options that allow policyholders to access a portion of the death benefit to cover long-term care expenses. This flexibility allows policyholders to utilize the benefits of a life insurance policy to address potential LTC needs, so they can maintain financial stability and access quality care without depleting their assets.

This means banks can protect the financial future of employees with an affordable employer-sponsored LTC insurance program that:

  • Protects employees’ retirement plan. An ounce of prevention now can avert the disaster that an LTC episode can bring to individual financial portfolios.
  • Gives employees a choice about their care. Although Medicare and Medicaid may pay for some LTC costs, coverage may be limited.
  • Eases the burden on employees’ family. LTC insurance allows family members to be involved in the caregiving process without being the primary provider.

Life with LTC can be a complex financial planning product. Banks interested in offering the product should find someone to help guide them through the various options and lead the implementation process. A 2019 study found that 74% percent of employees feel that LTC is important, yet 25% of their employers offer it. Offering it is a way to fill a gap in your benefits portfolio, which could help attracting and retaining top talent.

One of the advantages of incorporating life insurance with LTC into a retention strategy is the ability to offer employees customized plans tailored to their needs. This flexibility allows employees to select coverage levels, beneficiaries and additional features based on their individual circumstances. Providing employees with choices fosters a sense of ownership and engagement, which can enhance job satisfaction and loyalty.

How It Works
Employer-sponsored life insurance with LTC benefits offer fully portable term or permanent life insurance that helps protect employees’ families during their working years, and includes meaningful long-term care benefits if extended care is needed. These benefits can be structured in ways that provide additional incentives and tax advantages for employees. Additionally, certain life insurance policies offer cash value accumulation that employees can access during their working years for various financial needs.

Long-term care can be costly to your employees and places a huge burden on most families who need it. In fact, health and disability insurance doesn’t even cover LTC costs. Medicare isn’t always the answer, either. For most, it’s an out-of-pocket expense that drains retirement savings. Look at the stats:

It’s important for banks to help their employees understand that LTC insurance is more affordable to them during their working years rather than later. Employer sponsored “hybrid” life insurance products with LTC riders can offer powerful coverage, underwriting concessions and additional benefits.

In today’s competitive employment landscape, organizations must go beyond traditional compensation packages to attract and retain top talent. Incorporating life insurance with LTC benefits into an employee retention strategy offers a range of advantages, from attracting and retaining talent to providing financial protection and flexibility. Recognizing the value of these benefits and investing in the long-term financial well-being of employees allows banks to position themselves as an employer of choice and build a loyal and engaged workforce.

Insurance services provided through NFP Executive Benefits, LLC. (NFP EB), a subsidiary of NFP Corp. (NFP). Doing business in California as NFP Executive Benefits & Insurance Agency, LLC. (License #OH86767). Securities offered through Kestra Investment Services, LLC, member FINRA/SIPC. Kestra Investment Services, LLC is not affiliated with NFP or NFP EB. Investor Disclosures: https://bit.ly/KF-Disclosures

3 Common Insurance Gaps at Banks

Written by

Banks must take risk management seriously – and part of managing risk is properly insuring property and casualty risk. Below are the three critical, yet commonly overlooked, areas that institutions should be aware of in addressing their property and casualty insurance program.

1. Think Deeply About the Bank’s Entire Risk Profile
Banks are a complicated risk entity without a cookie-cutter insurance blueprint. The bank business model makes banks a natural target for criminal acts, while daily operations leaves the bank exposed to a host of liability claims. We have also recently seen an increase in regulatory scrutiny related to banks, especially banks’ cyber exposure. Another factor working against the bank is the lack of set standards, guidance and/or oversight of their insurance program. These factors combined make banks particularly complicated to insure competently.

It is imperative that banks consider the entirety of their risks in ensuring they have appropriate coverage and limits. Risk factors to consider include ownership structure, recent financial performance, geographic location, loss history, makeup of the board and management, business model and growth projections. When these factors are considered together, a bank can more completely insure its risks as many of the core coverage lines (and policy forms) are unique only to commercial banks.

2. Cyber Exposure Needs to Be Addressed Under Three Separate Policies
When most banks hear cyber insurance, they think of their cyber liability policy. Most carriers consider this computer systems fraud and it is intended to respond to electronic claims when the bank’s funds are lost or stolen. A typical non-bank cyber liability policy will also include a crime component for electronic losses like fraudulent instruction and electronic funds transfer fraud.

However, there are additional coverages specifically available to banks for cyber loss. The second is the bank’s FI Bond. This is a broader policy and can carry much higher limits. Other coverages under the FI Bond include computer systems fraud such as hacker and virus destruction, as well as voice initiated transfer fraud. There is also an option to insure “social engineering” claims through the bond FI policy.

The third policy that may apply in a cyber loss is the bankers professional liability (BPL). If a bank does not carry social engineering on their bond and a customer’s account is hacked through its own system (opposed to the bank’s) the FI bond likely will not cover the customer’s stolen money. A BPL may provide coverage for depositor’s liability in this case.
Bank should make sure that all three of these policies have adequate limits, do not have overlapping coverage, and also do not leave any gaps in coverage.

3. The Areas of Greatest Exposure
Although cyber and D&O are often the first two areas of insurance a bank focuses, we believe more attention should be paid to the bankers professional liability policy. In the most basic sense, BPL covers the bank for losses arising from any service the bank provides to a customer, aside from lending activity. It’s often colloquially called Bankers E&O and is essentially broad form negligence coverage.
Conversely, lender liability is intended to cover that which BPL excludes: wrongful acts arising from a loan or lending activity. It is important that banks have lender liability included within the BPL.

There are two main reasons BPL/lender liability are important:
1. The most frequent claim for banks falls under the BPL/lender liability. In 2021, 51% of bank liability claims fell under BPL or lender liability. Cyber liability and D&O claims constituted 8% and 12% of claims, respectively.
2. Since they are usually insured under the same insuring agreement, they also usually share one limit. A borrower suit that turns into a paid claim would also erode the BPL limit.

Most peer group average BPL and lender liability limits are relatively low; it’s recommended that banks keep their limit at or slightly above average, at a minimum.

Given the complex factors above, how can you know if your bank is protected? Consider the following questions:

  • Are my financial institution and its officers protected from all the types of risk that could hurt us?
  • Do I have a partner I trust to complement my unique business and offer integrated solutions that offer the right amount of coverage?
  • How much time, productivity and fees does it cost the bank to have relationships with multiple brokers and advisors?

Insurance is complex. Threats to the security of your financial organization are ubiquitous. You should have an expert to help you navigate the process and build a tailored solution for your institution.

Risk/Reward: Can Insurtech Build Better Relationships With Your Bank Customers?

Written by


insurtech-5-8-18.pngThe rise of financial technology, or fintech, has not disrupted banks to the extent that many predicted it would. What it has done, however, is chip away at the number of services a given customer will seek from their bank. Instead of using their banking app to check balances and transfer funds, many use third party personal budgeting tools like Mint and peer-to-peer (P2P) payment apps like Venmo. Instead of seeking credit at their local branch, many consumers are turning to online lenders like SoFi. As customers spend less and less time engaging with their banks, brand loyalty is at risk, which is at a higher premium in today’s market.

So how can banks recapture engagement or retain loyalty? Adding an insurance offering could be an option for creating a new touchpoint with bank customers. To many bankers, this is not a new idea. The concept of bancassurance—where a bank serves as an insurance broker and directly offers products to its customers—has been around for a long time. But there is a wave of technological transformation taking place in the insurance space that could breathe new life into bank/insurance partnerships: insurtech.

Insurtech is very similar to fintech. At the core, these firms are about utilizing technology and data to shake up an incumbent industry. The end goal of insurtech is offering more targeted, consumer-centric insurance products and ways of accessing those products. Insurtech is still in the early stages of development but, according to customer experience technology firm, Quadient, most incumbent insurance firms now have a “strong plan or strategy for how they will deal with onboarding innovative technologies and channels” that they did not have just two or three years ago.

Banks utilize a few key models for incorporating insurance into their customer offerings:

Building a marketplace: The marketplace model is being pioneered by many digital-only challenger banks. For example, U.K.-based challenger banks Starling Bank and Monzo have rolled out in-app marketplaces that augment their basic checking accounts by linking customers to a bevy of outside partners, from insurance and pension providers to mortgage lenders. While it’s possible to generate referral fee income from this type of arrangement, this model has not proven to be a major revenue driver, as the banks have yet to see a month without losses.

The marketplace model does allow digital banks to offer services beyond their basic online consumer accounts without the stress of integrations and new partnerships, but that’s a challenge that most traditional banks do not face because they can typically offer payment transfers, loans, and more. While a marketplace would move incumbents closer to the Amazon-like platform model in vogue today, it doesn’t seem to offer a major value add for traditional banks.

Using white-label products: Taking the idea of an insurance marketplace a bit further, banks can also consider incorporating white-label products to help consumers access insurance or compare policies in the bank’s existing online platform. Fidor Bank, a digital institution out of Germany, created an online marketplace that allows customers to access curated fintech and insurtech products. The Fidor product, FinanceBay, is now available as a white-label product to other banks.

Many digital-first insurance providers offer ready-made affinity programs with white-label capability as well. With this increased connection between the bank and the third party insurance providers, though, liability becomes a much larger concern.

“Bancassurance,” or partnering to establish an insurance brokerage: A step even further than incorporating a white-label product to help customers find insurance would be to engage in a bancassurance model, where the bank would serve as an insurance broker actively selling insurance products to its banking clients. This form of partnership has been utilized heavily in countries such as France and Spain.

When Glass Steagal was repealed in 1999, those bank/nonbank commerce barriers were largely removed, but regulations, complicated corporate structuring questions and mixed results have largely kept the model out of the U.S. However, the recent partnership announced between Germany’s largest bank, Deutsche, and Berlin-based Friendsurance is bringing interest in this model back to the forefront.

By mid-2018, Deutsche plans to offer coverage from over 170 German insurers through its in-app insurance manager function, according to Insurance Journal. Friendsurance uses artificial intelligence to evaluate potential plans based not only on price but also on “the question of how financially stable the insurer is or how good its customer service is,” Friendsurance co-founder Tim Kunde told Handelsblatt Global in January. Deutsche will be establishing its own insurance brokerage firm run by Friendsurance as opposed to a simple referral program or marketplace tool. This differentiation, the bank hopes, will reinvigorate the bancassurance concept thanks to the added value the insurtech brings to the insurance buying experience.

However a bank/insurtech partnership takes shape, liability is a looming issue. The more deeply engrained a partnership is, the more complicated the liability analysis becomes. As with all major technology partnerships, banks should bring their regulators into the conversation early on if they’re considering a partnership with an insurtech provider.

Insurtech is a fast-growing sector, and the distribution of insurance products is becoming more prolific among retailers, utilities, lifestyle brands and more. If banks don’t begin to explore insurance partnership models, they may lose out on yet another opportunity to service their customers.

Key Trends in the BOLI Market in 2016

Written by


BOLI-market-6-22-16.pngIn 2015, the percentage of banks with bank-owned life insurance (BOLI) increased, the majority selected a General Account (GA) product and the cash surrender value of policies rose.

These are some of the conclusions drawn from the latest research from the Equias Alliance/Michael White Bank-Owned Life Insurance Holdings Report. Of the 6,182 banks in the U.S. operating at the end of last year, 60.5 percent now report holding BOLI assets. This percentage has consistently grown year after year. Further, the percentage of banks in each size category holding BOLI assets increased from the end of 2014 to the end of 2015 with banks in the $1 billion to $10 billion asset category having the highest percentage of BOLI at 82.5 percent.

BOLI assets reached $156.2 billion at the end of 2015, reflecting a 4.4 percent increase from $149.6 billion as of December 31, 2014. The growth in BOLI holdings is attributable to a variety of factors including an increase in the value of those holdings, first-time purchases of BOLI by banks, and additional purchases by banks already having BOLI on the books.

Holdings by Product Type
The highest dollar amount of BOLI assets continues to be held in Variable Separate Accounts (VSAs), where the investment risk is held by the policyholders and investment gains flow directly to them rather than the insurance carrier. VSA assets totaled $71.95 billion representing 46.1 percent of all BOLI assets as of December 31, 2015, down slightly from 47.6 percent at the end of 2014. At the same time, only 480 or 12.8 percent of all banks with BOLI reported holding VSA assets, down from 14.2 percent a year ago. Typically, only larger banks hold VSA assets because of the investment risk noted previously. The average amount of VSA assets held by these 480 banks is substantially larger than the average amount of General Account (GA) or Hybrid Separate Account (HSA) assets held by community banks due to the size differential between the banks.

The type of BOLI assets most widely held by banks in 2015 was GA. A GA’s cash surrender values are supported by the assets of the insurance company. Nearly 96 percent of banks with BOLI reported GA BOLI assets. In comparison to GA products, HSAs have not been available for purchase nearly as long. Since 2011, the number of banks using HSA products increased by 47 percent to 1,280. The above BOLI holding percentages exceed 100 percent since some banks have more than one type of BOLI product.

New Purchases of BOLI in 2015
According to a report from IBIS Associates, Inc., an independent market research firm, BOLI sales last year increased to $4.048 billion which were attributable to purchases by approximately 500 banks. This was 26 percent higher than the $3.214 billion reported in 2014 and was primarily due to a major increase in VSA premium which rose from $35.6 million in 2014 to $504.0 million in 2015. This was due, in part, to a few very large VSA purchases that may not be duplicated in future years.

Why BOLI Remains Popular
Feedback we have received from our clients suggests that the reasons BOLI remains appealing as an investment for banks has not changed in recent years:

  • It provides tax advantaged investment income not available with traditional bank investments, as well as attractive yields compared to alternative investments of a similar risk and duration
  • The growth in the cash value of the BOLI policies generates income for the bank and its shareholders
  • The bank receives the life insurance proceeds tax-free upon the death of an insured employee who elected to participate in the plan; and
  • The bank can use the income to pay for one or more non-qualified benefit plans to help attract and retain key executives, or use the income to help offset and recover employee benefit costs such as health care and retirement expenses.

Since BOLI currently offers a net yield ranging from approximately 2.25 percent to 3.75 percent, depending upon the carrier and product, BOLI remains a popular investment option for many financial institutions. For a bank in the 38 percent tax bracket, this translates into a tax equivalent yield of 3.62 percent to 6.05 percent.

Finally, based on our experience, banks owning BOLI policies remain very satisfied with their previous purchases and would consider making additional purchases in the future.

Captive Insurance Subsidiaries Proliferate Among Bank Holding Companies

Written by


captive-insurance-3-2-16.pngBanking is the business of managing risk. Be it credit risk, interest rate risk or technological risk, bankers are trying to control a highly leveraged earnings engine while avoiding risks that can result in sudden reversals of fortune.

Yet many of the biggest risks faced by bankers today are both uninsurable and unreserved for on the bank’s books, such as certain cyber risks and reputational risks. Even where third-party insurance policies may be available, they may provide coverage that bankers feel is cost-prohibitive. That’s where a captive insurance company may present a cost-effective, tax-efficient solution. A captive insurance company is the insurance company that you own. It allows you to insure the risks that your bank, holding company and the holding company’s other operating subsidiaries may face, writing real insurance policies against which you can make claims for losses.

While a variety of structures may be used to create captive insurance companies, so-called “small” captives provide a number of unique tax advantages for owners of small to mid-sized bank holding companies. They often are referred to as 831(b) captives, named after the Internal Revenue Code section that provides tax incentives for the creation and use of such entities.

Potential benefits of 831(b) captives are well-documented and will be enhanced in coming years by recent amendments made under the Protecting Americans from Tax Hikes Act of 2015 (the PATH Act). These include:

  • Insurance for risks that you already have on your books and for which policies in the marketplace are either prohibitively expensive or nonexistent;
  • Up to $1.2 million ($2.2 million beginning in 2017) in deductible premium expenses for your bank or bank holding company; and
  • Up to $1.2 million ($2.2 million beginning in 2017) in tax-free premium income to the captive insurance company.

While the changes under the PATH Act are new, the legislation facilitating small captives has been in place since 1986, which begs the question, why aren’t more bankers using them? The short answer is that, until recently, implementation of captives was very expensive and the legal underpinnings for them were somewhat shaky.  

However, the number of captives across the county has increased rapidly in recent years according to examiners we’ve spoken with from the Federal Reserve. This increase has resulted in part from a proliferation of “turnkey” providers who have developed proven models and technical solutions to reduce the costs of creating and administering a captive insurance company.

At the same time, the legal underpinnings of captive insurance companies have matured. Once a business relegated to exotic, typically offshore jurisdictions, captive insurance companies now may be formed in any one of the many states that have adopted comprehensive captive insurance company legislation, such as Delaware, Vermont, Nevada and Tennessee.

Furthermore, changes implemented by the PATH Act provide much-needed clarity on the types of captive structures that will be permitted under the Internal Revenue Code and therefore eligible for the tax advantages conferred by Section 831(b). While the types of tax avoidance structures that were targeted by the PATH Act probably would never have been permissible in banking due to affiliate transaction restrictions, the legislation provided clarity as to the types of diversification and/or ownership criteria that must be met to pass muster under IRS rules.

Finally, bank holding companies are allowed to underwrite any type of insurance for affiliated or unaffiliated entities. In addition, some state banking regulators have signaled their willingness to permit the formation of captive insurance companies in light of the activities that have been authorized for national banks by the Office of the Comptroller of the Currency.

Turnkey captive insurance providers have designed solutions that capitalize on this guidance to create compliant captives that can be taken “off the shelf” and plugged into your bank holding company structure. Altogether, this means that forming a captive is now cheaper and less risky from a legal and regulatory perspective than it has been in the past.

So, is your bank holding company a good candidate for a captive? Historically, forming a captive required owners to engage and work extensively with a team of attorneys, actuaries, accountants and other professionals. This resulted in customized solutions that were tailor-made for the company’s overall objectives. As it has become easier to form a captive using turnkey solutions, the customization and optimization of the captive for the sponsor’s overall business can be lost.

That’s why we recommend working with a team of advisers who are familiar with captives and can assist your turnkey provider in integrating a captive as part of your overall business and risk-management goals.

Understanding Your Bank’s Cyber Liability Policy

Written by


4-22-15-AHT.pngPer a recent CyberEdge Group report, 70 percent of 800 cybersecurity decision makers reported their network had been breached, which is up from 62 percent the year before. Additionally, we have found that a vast majority of hacking incidents are financially motivated, making banks much more likely targets than utilities, for example.

When presenting this trend to bankers, I often hear: “We are a smaller bank, so we are less likely to get hacked,” when in actuality, the opposite can be true. Most cyberattacks are levied against smaller companies whose cybersecurity measures are not as sophisticated.

Regulatory Response
At the 2014 Cybersecurity Roundtable, Securities and Exchange Commission (SEC) Chairman Mary Jo White stressed how critical cybersecurity is to this country’s infrastructure. Included at that presentation was an SEC-issued 28 point document outlining sample lists of information the agency may request during a cyber breach investigation, including copies of security policies and business continuity plans, proof of cyber insurance, and procedures for verifying the authenticity of funds transfers.

Cyber Liability Insurance and Impact on D&O Liability
When it comes to utilizing insurance to address and respond to cyber risk, there are two areas a bank should be concerned about:

  • The expense and liability that can arise in the wake of a cyberattack. (Cyber insurance should cover this.)
  • The liability to the board related to the perceived mismanagement of the bank’s cybersecurity, which resulted in the attack. (Directors & officers liability insurance, or D&O, should cover this.)

With regards to cyber liability insurance, it is helpful to understand that there are many coverage components available and not all of them are necessary for every bank. Typical cyber components can include:

  • Network liability: Responds to a claim against the bank (including the legal costs and settlements) that results from a breach in network security.
  • Regulatory coverage: Responds to costs associated with a regulatory investigation.
  • Crisis management: Can include public relations response to mitigate reputational risk.
  • Security breach mediation: Can cover costs associated with notification, forensics in response to a breach and credit monitoring. This category generates the highest number of claims for cyber liability insurance.
  • E-business interruption and additional expense: Reimburses lost revenue and expenses in order to make the bank whole (i.e. hiring an additional network support team).
  • Network Extortion: Reimburses a company for amounts paid to a third party (e.g. the extortionist) or expenses to prevent the actual extortion event from occurring.

When a bank is considering the purchase of a cyber policy, it is important to contemplate all of the exposures to ensure that the bank is selecting the most appropriate coverage for the institution.

Your bank’s cyber risk may also factor into the underwriting of your D&O liability insurance. We are seeing an exponential increase in interest from D&O underwriters regarding the bank’s cyber controls. In a recent AHT Insurance survey, we asked 75 D&O underwriters their level of concern. All D&O underwriters said a company’s cyber risks will factor into D&O underwriting. Sixty percent say it’s a major concern.

We also asked what additional underwriting questions they may have regarding cyber liability. These are the typical questions underwriters ask:

  • Please discuss your internal controls and safeguards regarding cybersecurity and if you insure that on a separate tower.
  • Do you currently carry cyber insurance and how robust is your IT security?
  • What is the company doing to address cyber exposure?
  • What is the threshold for board level involvement and public disclosure for cyber events?
  • Who is responsible for updating the board on privacy/cybersecurity concerns and how often do they report to the board?

What Can a Bank Do?
Cybersecurity needs to be a discussion at the board level, and should no longer just be thought of as an IT function. This includes board minutes which should reflect that cybersecurity was a regular discussion point. Also, protecting the company’s network alone is not enough. Regulators are increasingly asking questions about how a bank monitors the cyber risk of its vendors.

In summary, cybersecurity needs to be a global risk strategy that permeates throughout the entire company. A proactive approach should be adopted, including fostering a culture of awareness at all levels of the bank.

Keeping Your Head Above Water: Four Tips for Managing Flood Insurance Law Changes

Written by


1-19-15-Dinsmore.pngAmong the various areas of regulatory compliance, one area—compliance with flood insurance regulations—seems to cause an out-sized level of anxiety, and for good reason. Over the past several years, field examiners have been diligent in identifying and citing violations of the flood regulations, and many of these violations have resulted in imposition of civil money penalties (CMPs) against the violating banks. During 2013 and 2014, nearly 100 flood-related CMPs were imposed on banks, ranging in amount from $1,000 to well over $100,000. Paying penalties is never enjoyable, but is even less so in this era of tight margins and strained profitability.

Last year, President Obama signed into law the Homeowner Flood Insurance Affordability Act (HFIAA) as a way to dial back some of the increased costs associated with 2012 Flood Insurance Reform Act. The HFIAA will bring about a number of new and modified obligations on banks, which will become effective at various times during 2015 and 2016. Changes are coming in the areas of forced placement of insurance, acceptance of private flood insurance, escrowing of premiums, and exemptions to the mandatory purchase of flood insurance.

The ultimate responsibility for ensuring compliance with consumer protection laws and regulations, including flood insurance laws and regulations, rests with the board and senior management. How do you keep your head above the changing waters?

  1. Policies and Procedures. Any change in law or regulation in a compliance area should trigger a review of the bank’s existing policies and procedures in the affected areas. The review should be done with an eye toward necessary or appropriate changes to the policies and procedures. Management also should use this review process to determine to whom the revised policies and procedures need to be communicated to ensure an effective flood insurance compliance program. Certain of the changes may affect personnel outside of the lending and compliance functions at the bank. Once identified, all appropriate personnel should be trained on the new policies and procedures.
  2. Education. The compliance officer’s and real estate loan origination staff’s knowledge and understanding of the changes in the law/regulations are critical to ensuring compliance. The board and senior management have to be willing to expend the necessary resources to educate these folks who are on the front lines of the flood insurance process. Additionally, directors and senior managers also should receive training on the basics of flood insurance regulations so that they can appropriately oversee the compliance function and manage the attendant risk. The regulatory agencies, industry trade associations, and FEMA (Federal Emergency Management Agency) are good sources of training materials.
  3. Customer Communication. Your bank already may be receiving inquiries from customers regarding the impending changes to the flood insurance rules. If not, expect that you will. The changes relating to escrowing premiums, exemptions from mandatory coverage, and private flood insurance are fertile ground for customer questions. Now is the time to review your existing customer communication procedures to be sure that appropriate personnel and/or departments are tasked with handling inquiries, and that all personnel, especially customer-facing personnel, know to whom they should direct customer inquiries regarding flood insurance.
  4. Monitoring and Audit. As previously mentioned, the board and management have ultimate responsibility for ensuring compliance with flood insurance regulations. An effective compliance monitoring/audit function is paramount in carrying out this responsibility. The coming changes in the regulations will require management and the board to revisit certain aspects, if not all, of the flood insurance compliance program. Despite your training and planning efforts to implement perfectly the changes to your flood insurance processes and procedures, mistakes will be made. The wise bank will test the new processes early and frequently to head off any systemic issues. Better you find any problems and fix them, than to have them discovered by the examiners at your next compliance exam.

Changes are coming, and it is safe to say these will not be the last. Getting out ahead of the changes and planning for them is the key to successfully navigating the changing flood waters.

Underwriters Focusing on Rising M&A Claims and BSA Enforcement

Written by


Serving on a bank board comes with a lot of liability. State courts have decided that even independent, part-time directors can be guilty of gross negligence when their banks fail, for example. Directors often get sued by shareholders following an acquisition. And regulatory authorities can levy their own fines against individuals who serve on bank boards for the bank’s violations of regulatory rules. Bank Director magazine talked to Dennis Gustafson of AHT Insurance about the trends of particular interest to the board, such as directors and officers (D&O) liability insurance and cyber policies.

What trends are you seeing in claims?
We are seeing a shift. Last year at this time, the number one D&O claim was from the Federal Deposit Insurance Corp. (FDIC) relating to failed banks. A lot of these banks failed three to six years ago, so we are starting to see a decrease in those claims and M&A claims are on the rise as M&A activity heats up and as attorneys find opportunities to sue. If you are a public company getting acquired and have a market cap of greater than $100 million, there is a 97 percent chance of a lawsuit. The allegations are you didn’t do enough due diligence, you didn’t get a high enough price or you didn’t notify [shareholders] in an appropriate manner. Typically, the only impact of the lawsuit is an updated proxy statement but $500,000 to $1 million could be spent, mostly on legal fees. For those banks with more than $1 billion in assets, if there is any likelihood of the bank being acquired, the underwriter may require a separate, and higher, deductible for M&A claims.

Another shift in claims trends is in the cyber liability arena. It used to be the most frequent cyber claim was for notification costs after a breach of cybersecurity, because state laws require you to notify your customers of a breach. However, since more states are allowing for e-mail notification, the notification costs are decreasing and as such, so is the claim severity related to those notifications. In lieu of notification costs, we are seeing more and more claims relating to forensics, where the bank has to investigate the breach, why it happened and how, and sometimes hiring consultants to do these investigations can get very expensive.

What coverages are afforded in a typical cyber insurance policy?
In addition to coverage for notification costs and forensics, the typical cyber liability policy reacts to a lawsuit or demand from a customer or group of customers arising from a breach in network security. From there, coverages can differ based on the policy form and options offered. Some additional extensions of coverage include:

  • when a hacker accesses your client information and requests a ‘consulting fee’ or they will release the information
  • loss of revenue stemming from a network breach
  • a breach of physical security (i.e. dumpster diving or a lost laptop)

What changes are you are seeing from underwriters?
In previous years, most underwriter questions related to asset or loan quality. Now, we are seeing more questions related to the Bank Secrecy Act, wire transfer policies, and anti-money laundering programs. Common questions include: For wire transfers, what policies are in place relating to call backs [to confirm the authenticity of the transfer]? What controls do you have in place to protect the bank against money laundering? Are there any new hires or new procedures relating to bank secrecy?

What question do you hear most from bank directors?
The question I get most is about the gap in coverage for civil money penalties. The civil money penalty is assessed by the FDIC against the bank or against individuals if the FDIC perceived that those individuals did not work in the best interest of the customer. The most common allegation is gross negligence and more often than not, it is related to a loan or to a bypass in procedures. The FDIC put out a letter last October explicitly clarifying that if bank directors or officers were assessed a civil money penalty, they cannot be covered by the bank’s insurance or be indemnified by the bank. With that said, it would not be out of compliance with the guidelines if the individual were to purchase a policy on his or her own dime just to cover civil money penalties. The average civil money penalty was $51,250 and the median was $25,000 since 2012. The FDIC assesses the vast majority of these penalties.

Why should directors be worried about civil money penalties?
Most people do not join a board of a community or regional bank for the little or no compensation they may earn. The last thing they want is to have any of their decisions or activities possibly cost them out of pocket.

Do You Need Cyber Insurance?

Written by


8-21-13-AHT.pngAHT Insurance often gets questions about cyber security and cyber insurance policies. It is very confusing to figure out if your bank even needs a cyber policy separate from a general liability policy, for example. What really is the risk and do you need coverage for it?

Dennis Gustafson, a senior vice president at national brokerage firm AHT Insurance who specializes in financial institutions, described in a previous article what cyber policies cover. Here, he answers some of the most commonly asked questions about cyber insurance policies.

Aren’t cyber exposures covered by other insurance products such as general liability or fidelity bond?

Unfortunately there is very little, if any, coverage overlap between the cyber liability policies and these other insurance policies. The general liability policies almost always include some type of data or network exclusion. And when it comes to a fidelity bonds, a good principal to always consider is that fidelity bond policies react to theft of tangible property (money/securities), while the cyber liability policy reacts to theft of intangible property (social security or credit card numbers).

We use a third party to handle our website or credit card processing. Does this remove the need for cyber insurance?

While utilizing a third party for those activities definitely mediates the risk, don’t forget that the client often doesn’t know about the third party, and as such, will bring the lawsuit against the bank. The bank would be responsible to defend itself against the lawsuit and hope to then subrogate against the third party. Also, if a third party is hacked, your bank would be one of many clients impacted, all of whom could be trying to collect from the vendor. Having an insurance carrier step in from the moment of the breach removes all of that leg work and financial risk.

Is the purchase of a cyber liability policy a cumbersome process, especially for a first time purchase?

Yes. Keep in mind, the carrier is underwriting based on the quality of the entire network’s security. The applications can be lengthy and there are often additional questions asked after the underwriter reviews the application. Our advice is to coordinate a conference call with the chief security officer or information technology director and the insurance carrier. A 30-minute discussion can save hours of research.

Conclusion

All signs point to the fact that in the not-too-distant future, banks will take on more losses from cyber crimes than they will from physical robberies. It is the responsibility of the board and the executive team to put the right people, processes, technology and insurance in place to mitigate new risk exposures.

Growing Your Lending Portfolio with Insurance

Written by


Slow loan demand continues to plague many community and regional banks across the country, as they continue to search for ways to grow their loan portfolios. Bob Newmarker of Zurich Insurance offers some insight into how banks can look toward an environmental insurance portfolio program as an alternative way to manage their risks and create a competitive advantage.