Massachusetts Reinsurance
Bar Association
Thank You To Our Sponsor
Breakfast | 8:00 – 8:30 am
Massachusetts Reinsurance Bar Association
MASSACHUSETTS REINSURANCE
BAR ASSOCIATION
RESHAPING REINSURANCE
Seventh Annual Symposium
October 8, 2015
Harvard Club – Back Bay
Boston, Massachusetts
WELCOME!
Massachusetts Reinsurance Bar Association
Keynote Address
Dr. John Seo
Fermat Capital Management LLC
Massachusetts Reinsurance Bar Association
Understanding InsuranceLinked Securities
Steven Morris
Senior Reinsurance Counsel, Liberty Mutual Insurance
Any views or opinions expressed herein do not necessarily reflect the views
of Liberty Mutual Insurance.
Overview
• What is an ILS?
• How do they work?
• What makes them different from traditional reinsurance?
• What are the key components?
o Triggers
o Costs – External Service Providers
o Reset Options
o Loss Mechanics
o Redemption / Collateral Release
6
ILS Definitions
“Insurance-linked securities (ILS) are products of the rapid development of
financial innovation and the process of convergence between the insurance
industry and the capital markets.” NAIC
“Insurance-linked securities are broadly defined as financial instruments whose
values are driven by insurance loss events. Those such instruments that are
linked to property losses due to natural catastrophes represent a unique
asset class, the return from which is uncorrelated with that of the general
financial markets.” Wikipedia
“Insurance Linked Securities transfer a specified set of risks (insurance risks)
from a sponsor to investors. ILS have payouts linked to insurance losses and it
is an effective way for investors to diversify their portfolio since insurance
loss has little correlation with the other financial markets (equity, fixed
income).” NASDAQ
Privileged & Confidential
7
Typical ILS Investor
• Large Institutional Investors: e.g. Hedge
Funds; Public Pension Funds
• Diversified:
– Cat Bond investments represent a small percentage
of the investor’s overall portfolio
– Used essentially as an uncorrelated hedge against
traditional equity and bond market losses
8
Types of ILS Options
•
•
•
•
Cat Bonds
Side Cars
Collateralized Reinsurers
Industry Loss Warranties
Privileged & Confidential
9
Basic Cat Bond Structure
Ceding
Company
Sponsor
Interest
Reinsurance
Premiums
Reinsurance
Claims
Liquidation
of Assets
to Pay
Claims
SPV
Reinsurer
Return of
Collateral
Principal
Cash from Sale
of Notes
Cat Bond
Investors
Cash
from
Sale
of
Notes
Collateral
Account
Trust
10
Basic Sidecar Structure
Ceding
Company
Sponsor
Reinsurance
Premiums
Reinsurance
Claims
Liquidation
of Assets
to Pay
Claims
Debt
Investors
Sidecar
SPV
(Reinsurer)
Return
of
Collateral
Equity
Investors
Cash from
Sale
of Notes/
Equities
Collateral
Account
Trust
11
Cat Bonds v. Traditional Reinsurance
• Pricing
o Different pricing considerations – investors v. traditional
reinsurers
o Transaction Costs – need to account for additional
transaction costs
o Multi-Year Pricing – avoids both positive and negative market
fluctuations
• Market Capacity – e.g. Florida Hurricane
• Diversifying Sources of Capacity
12
Key Components
• Costs – External Service Providers
• Triggers
• Reset Options
• Loss Mechanics
• Redemption / Collateral Release
13
Costs – External Service Providers
•
•
•
•
•
•
Underwriters
Lawyers:
 deal counsel;
 underwriter’s counsel;
 offshore counsel;
 indenture trustee’s counsel;
Modeling Firm
Modeling Agent
Reset Agent
Administrator
•
•
•
•
•
•
•
•
•
•
Directors
Indenture Trustee
Paying Agent
Secured Site Provider
Independent Auditor
Interest Calculation Agent
Claims Reviewer
Loss Reserve Specialist
Escrow Agent
Rating Agencies
14
Types of Triggers
1. Indemnity: Indemnifies ceding company for actual losses
on an excess of loss basis; e.g. $100M x $500M
2. Modeled Loss: Indemnifies company if loss exceeds
certain modeled loss amounts for specific event
3. Indexed to Industry Loss: Trigger is based on total
industry loss, not cedent’s loss
4. Parametric: Trigger based on certain aspects of natural
events; e.g. wind speed and radius of storm
5. Parametric Index: Parametric triggers and payments
based on location of storm using cedent’s modeled losses
for that location
15
Annual Resets
• Reset (Attachment Point/Limits/Coupon):
o Exposures reviewed annually using Model
o Cover is Reset so Premium Aligns with Risk
o Services provided by Modeling Firm, Modeling Agent,
Reset Agent
16
Reset Options
• Fixed Reset: Same Expected Loss to Noteholder; same
Attachment Point (adjustment made to Percentage of Layer
Reinsured by Bond and to Limit)
• Alternative Fixed Reset: Same Expected Loss to
Noteholder; same Percentage of Layer Reinsured by Bond;
same Limits (adjustment to Attachment Point)
• Variable Reset: Same Reinsurance Cover (Attachment
Point, Limits and Percentage of Layer Reinsured); adjustment
is made to the Noteholder’s Expected Loss through a
variable coupon (interest rate change)
17
Fixed Reset
Year 1
Reset
Year 2
• Same EL (same
premium, same
coupon)
Bond
• Same AP
Bond
Gap
in
Coverage
• Different % and
Limits
18
Alternative Fixed Reset
Year 1
Reset
Year 2
• Same EL (same
premium, same
coupon)
Bond
• Same %
• Same Limits
Bond
Gap in
Coverage
• Different AP
19
Variable Reset
Year 1
Reset
Year 2
• Different EL
(premium adj.,
coupon adj.)
Bond
• Same %
Bond
• Same Limits
• Same AP
20
Loss Mechanics
Claims
Reviewer
Event
Notice
• Reinsurer
• Claims
Reviewer
• Loss Reserve
Specialist
• Ratings
Agency
Proof of
Loss
Claim
• Reinsurer
• Claims
Reviewer
• Loss
Reserve
Specialist
Loss
Reserve
Specialist
Loss Payment
Calculates
loss
payment &
principal
reduction
Notice of
Loss
Payment
Calculates
Loss
Reserves
Loss
Reserve
Certificate
• Reinsurer
• Trustee
• Ceding
Company
• Ceding
Company
• Reinsurer
• Trustee
•
Payment Made
from Collateral
•
Interest Payments
Reduced
Loss Reserves
•
Interest Payments
Reduced
•
Loss Reserves
monetized at end of
Extended Redemption
Period
21
Redemption / Draw-down Rights
• Return of Collateral
• What happens when there is an Event with Undeveloped
Losses?
– Cat Bonds – Liabilities Commuted after Final Extended
Redemption Period Ends
– Collateralized Reinsurers – “Buffer Factors”
Buffer Loss Factor Table
Number of
Calendar
Months Since
Date of Loss
Occurrence
Windstorm
Earthquake
Other
0 to 6
X%
X%
X%
> 6 to 9
X%
X%
X%
> 9 to 12
X%
X%
X%
> 12 to 15
X%
x%
X%
> 15 to 18
X%
X%
X%
Thereafter
100%
100%
100%
22
Massachusetts Reinsurance
Bar Association
Thank You To Our Sponsor
Morning Break | 10:00 – 10:15 am
Massachusetts Reinsurance Bar Association
How Alternative Capital is
Impacting an Industry
Panelists:
Judith Klugman |
Sean McCarty |
Tony Ursano |
Swiss Reinsurance Company Ltd.
AON Securities Inc.
TigerRisk Partners
Moderator:
Elaine Caprio
Caprio Consulting LLC
|
Massachusetts Reinsurance Bar Association
Coverage In The Age Of Data
Breaches
Panelists:
Anna Stafford
John Derwin
Jessica Park
|
|
|
Senior Counsel, Travelers
Counsel, Liberty Mutual
Sugarman, Rogers, Barshak & Cohen, P.C.
Moderator:
John Love
|
Robins Kaplan LLP
CyberFirst®
A powerful modular approach to offering cyber insurance
coverage solutions
Technology
Errors +
Omissions
Communications
+ Media Liability
Network +
Information
Security Liability
Expense
Reimbursement
Why Commercial General Liability Coverage
Isn’t Always the Answer
– Property damage requires
physical damage to, or loss of
use of, tangible property; data is
not considered tangible property
– Property damage to “impaired
property” is not covered
– Financial loss claims – standard
CGL policies require bodily injury,
property damage, advertising
injury or personal injury to trigger
coverage
What is Errors and Omissions Liability?
• Intended to cover liability for
financial injury to a 3rd party arising
from:
– Failure of the insured’s product
or service to function as
intended or expected
– An error, omission or negligent
act
• Who needs it?
– Any company that provides a
product or service that if it
should fail may result in
financial harm to a third party
customer
What is Network and Information Security
Liability?
• Intended to cover financial injury to
a 3rd party arising from:
– Certain wrongful acts relating to
network or information security
• Who needs it?
– Any company that promises to
protect information of others
(if even for a short time)
– Any company that uses a
computer in the course of
business
Travelers Network and Information Security
Liability
• Coverage Grant
– Failure to prevent the transmission of a
computer virus
– Failure to provide any authorized user of your
web-site or your computer or communications
network with access to such website or such
computer or communications network
– Failure to prevent unauthorized access to, or
use of, data containing private or
confidential information of others
– Failure to provide notification of any actual or
potential unauthorized access to, or use of,
data containing private or confidential
information as required by any security
breach notification law that applies to you
Travelers Communications and Media Liability
• Coverage Grant
– Unauthorized use of any advertising material, or
any slogan or title, of others in the advertising of
the business, premises, products, services, work,
or completed work of others
– Infringement of copyright, title, slogan, trademark,
trade name, trade dress, service mark, or service
name in your covered material
– Plagiarism or unauthorized use of literary or artistic
format, character or performance in your covered
material
• Covered Material
– Any material in any form of expression, including
material made known in or with any electronic
means of communication, such as the Internet
Patent infringement or misappropriation of Trade
Secret are not covered
What is Expense Reimbursement Coverage?
• Intended to cover insured loss associated
with:
– Certain wrongful acts or first party
incidents associated with data breach
types of events
• Why is it important?
– Businesses can incur loss due to
attempts to misappropriate or misuse
information in their care
– Managing these first party expenses is
important to mitigate further harm to
insured or customers
First-Party Expense Reimbursement Coverage
Can Include:
• Security Breach Notification
& Remediation
• Crisis Management Services
• Business Interruption
& Additional Expenses
• Extortion
• Computer Program & Data
Restoration
• Computer Fraud
• Funds Transfer Fraud
• Telecommunications Theft
CASE LAW DEVELOPMENTS
• Coverage under traditional CGL policies –
Coverage B
• Coverage under cyber policies
Case Law Developments –
Traditional CGL Policies
• Coverage B – “personal and advertising injury”
• Common Themes:
– Was there “publication?”
– Was the “publication” done by the insured?
– Was there violation of a right to privacy?
• Exclusions
Recall Total
• Recall Total Information Management, Inc. v.
Federal Ins. Co., 147 Conn. App. 450 (2014)
– No “publication” where computer tapes were taken,
but data on the tapes was not accessed
– Triggering data breach notification statutes was not a
substitute for a “personal injury”
The Sony Case
• Zurich American Ins. Co. v. Sony Corp. of
America, NY Sup. Ct. Index No. 651982/2011
(March 10, 2014 Order).
– Found “publication” where hackers “opened the box”
and let out private information, but
– Not perpetrated by the insured, so no coverage.
– Appealed in April 2014; appeal withdrawn / case
resolved in April 2015.
Urban Outfitters
• OneBeacon America Ins. Co. v. Urban Outfitters,
Inc., 21 F. Supp. 3d 426 (E.D. Pa. 2014), aff’d,
2015 WL 5333845 (3d Cir. Sept. 15, 2015).
– “Publication:” need dissemination to the public at
large, not just use by the collector
– Right of “privacy”: interest in secrecy, not interest in
seclusion (e.g., freedom from junk mail)
American Economy Ins. Co. v.
Aspen Way Enterprises, Inc.
• D. Mont., 1:14-cv-00009 (Sept. 25, 2015 Orders
granting summary judgment for insurers)
• “Publication:” transmission to “at least a third
party,” if not the public-at-large
• Recording and Distribution Exclusion applied
Metro Brokers, Inc. v. Transportation
Ins. Co.
• 2013 WL 7117840 (N.D. Ga. 2013), aff’d, 603
Fed. Appx. 833 (March 5, 2015)
– First-party claim under Businessowners Property
Coverage Form
– No coverage under Forgery & Alteration Endorsement
for EFT transfers by hackers
– “Malicious code” exclusion also applied – use of virus
by the hackers
Travelers Indemnity Co. of America
v. Portal Healthcare Solutions, LLC
• E.D. Va., 1:13-cv-00917 (Aug. 7, 2014 Order)
– Insuring agreement: injury arising from “electronic
publication of material that . . . discloses information
about a person’s private life” or “gives unreasonable
publicity to a person’s private life”
– District court found: “publication” satisfied where
materials were available for viewing online, even if no
third party actually accessed them and even though
the insured took no affirmative act to place the private
information before the public
Case Law Developments - Cyber
Policies
• Published decisions are limited; not all involve
cyber-specific issues
• Much variability in policy language and
underlying facts
Columbia Cas. Co. v. Cottage Health
System
• C.D. Utah, 2:15-cv-03432 (Filed May 7, 2015)
– Alleged breach: storage of medical records on system
accessible via internet search
– Claims-made coverage for “Privacy Injury Claims”
– Seeks to apply exclusion: loss arising from insured’s
failure to “continuously implement the procedures and
risk controls identified in the Insured’s application for
this Insurance. . . .”
Federal Recovery Services
• Travelers Prop. Cas. Co. of America v. Federal
Recovery Services, Inc., 2015 WL 2201797 (D.
Utah May 11, 2015)
– “CyberFirst” policy – Technology Errors and
Omissions Liability Form
– No coverage for allegations that data processor
intentionally withheld customer’s data
– Policy covered only errors, omissions, or negligence;
complaint alleged intentional conduct
Universal American Corp. v. National
Union Fire Ins. Co.
• 25 N.Y.3d 756 (Ct. App. NY June 25, 2015)
– “Computer Systems Fraud” rider: “loss resulting
directly from a fraudulent (1) entry of Electronic Data
or Computer Program into, or (2) change of Electronic
Data or Computer program within, the Insured’s
Proprietary Computer System. . . .”
– No coverage for fraudulent Medicare claims –
fraudulent access to system vs. submission of
fraudulent content
Doctors Direct Ins., Inc. v. Bochenek
• 2015 IL App. (1st) 142919 (Aug. 3, 2015)
– Cyber claim endorsement: liability resulting from a
“Cyber Claim” for a “Privacy Wrongful Act”
– “Privacy wrongful act:” breach of statute “associated
with the control and use of personally identifiable
financial . . . information”
– No coverage for alleged violation of Telephone
Consumer Protection Act – not associated with
control, use of personal information
Massachusetts Reinsurance
Bar Association
Thank You To Our Sponsor
Lunch & Printed Materials | 12:00 – 1:00 pm
Massachusetts Reinsurance Bar Association
WORKSHOP 2015
Nile.com
On-line shopping, Cyber Risk &
Reinsurance
NILE.COM
• World’s second largest on-line retailer
• Liability Program
–
–
–
–
Issued by Captive “Up The River Insurance, Inc.”
$1M primary
$9M XS of $1M first layer excess
$90M XS of $10M second layer excess
• Reinsurance
– First excess layer - All insured losses excess of $2MBermuda Re (management & control)
– Second excess layer – All insured losses excess of
$25M – Internet Re
Nile.com
• Data Breach
– Hackers gain access to Nile’s “cloud”
– Obtain financial information of “Alpha” members
– 10 million members potentially compromised
• Claims – Alpha Customers
– Breach of privacy
– Damaged credit ratings
– Fraudulent credit card charges
• Claims – Credit Card Companies
– Seek to recover cardholder non-payments
Massachusetts Reinsurance
Bar Association
Thank You To Our Sponsor
Afternoon Refreshments | 2:45 – 3:00 pm
Massachusetts Reinsurance Bar Association
A Fresh Perspective on
Mediation of Reinsurance Disputes
Michael Frantz: Munich Reinsurance America, Inc., Sr. Vice President & Claim Dept. Manager
Jeff Kichaven: Jeff Kichaven Commercial Mediation, Principal Mediator
Patricia Taylor Fox: American International Group, Deputy General Counsel (Reinsurance)
Elaine Caprio: Caprio Consulting LLC, President (Co-Coordinator)
Wm. Gerald McElroy, Jr.: Zelle Hofmann Voelbel & Mason LLP, Sr. Partner (Moderator & Co-Coordinator)
FACT PATTERN FOR MEDIATION PANEL
•
The fact pattern for the mediation panel is based on the same facts regarding Nile.com (Nile) and
the hacking event utilized during the interactive workshop. There are, however, some variations in
the insurance and reinsurance facts. The full fact pattern to be used is set forth below and in the
succeeding slides. The portions of the fact pattern which are identical to those used in the
interactive workshop are set forth below in red font.
•
Nile is the world’s second largest online retailer. Nile has a CGL insurance program made up of a
primary layer and two excess layers of liability insurance. The CGL coverage is written on typical
ISO forms and includes coverage for “personal and advertising injury.” This coverage extends to
the injury arising out of “oral or written publication, in any manner, of material that violates a
person’s right of privacy.”
•
Total limits of coverage are $1 million primary, $10 million first layer excess and $100 million
second layer excess. Up the River Insurance, Inc. (“Up The River”) issued the primary and
excess liability policies. Both excess layers of insurance are reinsured by Internet Re. The
reinsurance agreements require “prompt notice of any claim likely to implicate this agreement.”
The reinsurance agreements expressly do not cover ECO (extra-contractual obligations) or XPL
claims (i.e., claims in excess of the policy limits).
FACT PATTERN FOR MEDIATION PANEL
•
Hackers entered Nile’s data processing cloud and downloaded financial information,
including credit card numbers of all of the Nile Alpha Members. Nile Alpha Members
pay an additional fee which gives them special deals and free shipping.
•
There are approximately 10 million Nile Alpha Members worldwide. Nile learns of the
security breach and promptly notifies Up the River Insurance of the potential liability
exposures. Simultaneously, Nile notifies all of its Alpha members by email and
issues a press release alerting the media to the security breach. Within days, Nile
starts receiving demands from Alpha members. They fall into three distinct groups:
generic claims for breach of privacy, claims for impact to credit ratings, and claims for
fraudulent credit card charges. The news media reports that class actions have been
filed against Nile for breach of privacy and the unauthorized distribution of confidential
information. Within 20 days, credit card companies have submitted claims to Nile
following their cardholders’ refusal to honor fraudulent credit card charges made by
hackers or those purchasing credit information from hackers.
FACT PATTERN FOR MEDIATION PANEL
•
In response to Up the River’s inquiry, Nile explains that hackers accessed
its data processing cloud through the portion of its website that encouraged
Nile customers to become Alpha members. The page had a link that was
captioned “Find out why so many Nile members are Alphas!” When
members click the link, they come to a page that displays the reasons why
actual Nile members became Alphas. The information comes directly from
the electronic Alpha applications of current members that were linked to the
site in a fashion that allowed hackers to open the entire application in the
cloud and see the member’s credit card information. Nile.com says the
credit card information was effectively “published” on a portion of their
website. Therefore, the claims are covered.
FACT PATTERN FOR MEDIATION PANEL
•
In response to Up the River’s inquiries, Nile discloses that it also has a stand-alone
Cyber loss policy that provides $5 million in coverage for liabilities arising from
malicious third parties who gain access to your electronic system for purposes of
obtaining confidential financial information. The Cyber policy contains an “other
insurance” provision that says it is excess to all other valid and collectible insurance
that covers the same losses. Nile.com said it has not submitted a claim to the Cyber
loss carrier because the CGL coverage has not been exhausted. However, at the
urging of Up the River, Nile does provide notice to the Cyber loss insurer.
•
The claimants asserting the four categories of claims described above filed suits
against Nile, which tendered the suits to Up the River for defense and indemnity. Up
the River delayed sending a response despite follow-up letters from Nile about the
suits. Up the River ultimately denied coverage for the suits at issue based on the trial
court’s decision in the Sony case that there was no publication within the meaning of
“personal and advertising injury” in the CGL policies at issue where hackers (as
opposed to the policyholder) made the publication.
FACT PATTERN FOR MEDIATION PANEL
•
Nile settled the four underlying suits for $50 million and allocated the settlement as follows:
$1 million CGL, $10 million first layer excess, $3 million Cyber and $36 million second layer
excess. Based on this allocation, Nile demanded that Up the River pay $47 million. Nile
brought a coverage suit against Up the River when it refused to pay. In the Complaint, Nile
sought a determination of Up the River’s coverage obligations with respect to the subject
settlement. The complaint also asserted claims of bad faith and non-compliance with the
applicable claim-handling statute.
•
During the pendency of the litigation, Nile produced documentation showing the risk
manager’s understanding that the CGL and excess liability policies issued by Up the River
did not provide coverage for cyber hacking events of the kind at issue. This was apparently
why Nile had purchased a stand alone cyber policy. Based on that documentation and the
Sony decision, counsel for Up the River wrote a coverage opinion to Up the River strongly
recommending against paying a substantial amount to settle the dispute with Nile.
Nonetheless, after acrimonious and prolonged litigation, Up the River reached a settlement
with Nile requiring it to pay $40 million -- $7 million less than the amount demanded by
Nile.
FACT PATTERN FOR MEDIATION PANEL
•
Up the River ceded $10 million under the first excess policy and $29 million under the
second layer excess policy to Internet Re, which denied the claim. Internet Re relied
upon the following grounds for denying coverage: (1) There was no coverage for the
amount paid by Up the River to resolve the bad faith claims in the underlying
litigation; (2) There was no “personal and advertising injury” within the meaning of the
subject policies; and (3) Nile should have allocated more of the settlement to the
cyber insurance policy since it provided specific coverage with respect to the loss at
issue.
•
Up the River and Internet Re agreed to mediate the subject dispute after negotiations
to resolve the dispute failed. In the absence of an amicable resolution, the dispute will
be arbitrated.
THANK YOU FOR ATTENDING
Massachusetts Reinsurance Bar Association
SPONSORING FIRMS
www.daypitney.com
www.lewisbrisbois.com
www.srbc.com
www.princelobel.com
www.robinskaplan.com
www.mintz.com
www.zelle.com