The GDPR is coming. Time to sit down, relax and take stock
This article is about the feeding frenzy taking place, how to avoid it and what to look out for in the run up to GDPR lift off.
Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.
The vultures have been circling for some time now.
Plenty of people are putting the frighteners on good people that just want to survive the supposed relentlessness of heavily armed Data Commissioners issuing fines aplenty. Which will not actually happen. The ICO simply haven’t got enough resources to do that. Much like other agencies that are not for profit.
Speaking of which, it is those that are for profit that we need to be wary of. I’ve received several updated contracts from insurance companies dictating how data issues need to be resolved. My first piece of advice is to establish what your partners expect of you because, whilst the data commissioner might give you 72 hours to report certain types of breach, I am now contractually bound to give others 24 hours notice. Probably because they want the lions share of the deadline to get themselves ready. They also insist on certain types of data security and issue tight deadlines on “data subject access requests”. Cheeky but true.
So have you read all your contracts recently?
At least some of our partners are decent enough to tell us they’re being updated. Other contracts, like insurance policies, already cater for the change with clever wording. Where it states that they expect you to be complying with the law it actually means that as soon as the law changes, you have to be compliant with the new one. They don’t need to wait for the renewal of a contract to make you keep up with legislation. They’ve already taken care of it.
Are you going to read all your supplier or partner contracts? Probably not. Who has the time? I hear you sigh! Keep these in mind when you are changing your policies that are affected by GDPR. There might be a clash. You might want to notify them with 72 hours, yet they might stipulate immediately. Forewarned is forearmed and I don’t think fines are going to cause the biggest headache. I think it will be interruptions to business and loss of reputation and/or clients.
Government crack the whip
I have a feeling that the government announcement last week, that it would try and reduce the compensation culture by cracking down (again) on so called “whiplash” claims, might fuel the class action culture that Morrisons supermarkets find themselves subject to. There are a lot of companies that rely on that revenue stream (it’s in the billions) and they will switch to the next as quick as they went from PPI to holiday sickness claims. And PPI is coming to an end.
Wrap Up: We’re not overly concerned about the deadlines imposed by our supply chain because we have the resources to cope with them. Yet we’re very pleased we know what they are because a data breach causes enough confusion on it’s own.
Top Tip: Once you’ve assessed your position, review your contracts to see what else you might need to weave in. This is a once in 20 year opportunity to engage with your stakeholders. Done well, it will build trust regarding data and how you want to keep it safe. That trust is gold dust in the current climate.
How to protect risks to cashflow with insurance
This blog is about protecting cash flow, especially if those that owe money go bust.
Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation
What if a buyer goes bust?
With the global recession and Brexit, business owners are having to consider the impact this could potentially have on their business. What if a client goes bust? If a company is owed significant amounts of money from clients, it is a major risk to cash flow.
Gareth came to us with these questions and more. He knew exactly what he wanted from an insurance. Dealing with imports he needed peace of mind that he had cover if stock went missing. He also needed to know that his invoices were covered if products didn’t reach the consumer. We took time to completely understand Gareth’s business to a granular level.
What if they don’t want to pay?
Business Owners need confidence that they are going to get cover that matched their needs and not be sold an off the peg insurance that doesn’t quite do the job. After negotiating with underwriters we carefully selected the options that matched Gareth’s broad requirements.
One option included protection against protracted debts or liquidations relating to companies that had been invoiced. It often helps with obtaining quicker payments, from companies that are happy to share the debt, when the risk of a default is backed by credible protection.
What are the risks when reducing risks?
Following up with a meeting to go through the small print and fully explain terms, conditions and exclusions is a must. We tell it like it is, the good and the bad so our clients can make informed decisions.
The devil is in the detail and it is often a surprise to everyone, including us, when it is interpreted based on a particular business. It’s our duty to actually recommend protection that fits each client and the most appropriate has to meet their needs, rather than provide the dreaded false sense of security.
Wrap up; Small print can be seen as an enemy yet there’s a lot that can be learned from it. Read our blogs on the different types of policies available. I used to be surprised at the number of people that told me that they had already covered everything, then sent me documents riddled with exclusions. I now know it is a common occurrence in our sector.
Top tip; Some people find out when it’s too late.Review your debtors regulary and watch out for slow payers and avoid companies that are shown as risks on credit checks
Flatterers deceive UK start-ups
A spectacularly large US company flattered a UK start-up with a huge contract which was eventually signed and secured. This would give them the capital they need to multiply their success. The contract wasn’t exclusive and the start ups web application was valuable to many similar companies. A fantastic “result” and only two types of insurance were required by the US company.
Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.
Contractual responsibility
The contract issued by the Americanclient had 2 pages making direct reference to the type of due diligence, risk management and business insurance required of the start-up. The rest of the contract revealed 26 further liabilities and requirements that were, or would become, necessary.
Not all were manageable for a small company with limited cash flow. The really fine points of the contract referenced this exact point and made it clear they would take full and furious legal action if something went wrong. Ouch, a soft landing is required so we received an introduction.
Part of the liability related to the website, which was provided as a service, and had to be operational 99.9% of the time. The US company staff would be trained to use it and then supported 24/7. It had to work and the contract made it clear that they would want compensation for any downtime over 0.01% in any one year. Keep in mind that one way to compensate is not charge fees that are due.
Penetration testing must be the answer
It helps work out weaknesses today yet doesn’t account for advances made by hackers tomorrow. IT Systems security methods of suppliers aren’t always reliable and data theft was the main concern of the US client. They made the UK startup contractually liable for the costs of notification to the relevant authorities and those whose personal data is compromised.
This is a really tough figure to try and quantify because few own up when they have a data breach so the statistics cannot be compiled. Contrast that with fires where it is easier to quantify losses.
That won’t change just because it becomes a must to do (new regulations are due to land in the EU in 2015). So if some Herbert got at the data, the US company would have to spend to meet US regulations and the UK start-up could be ruined by the losses. Identity theft costs vary from person to person so it really is a difficult number to calculate.
Legal liabilities change across borders or state lines
The chances of a breach are minuscule, the costs ridiculous. The damage to brand immeasurable. Get a lawyer to get legal on your contracts and they’ll close the gaps. Some clauses don’t hold water in the UK yet US companies issue proceedings where they want. The contract formed a vicious circle when the statement of work and suppliers agreement were reviewed together. No stone had been left unturned and the US company had a fair minded legal team. That is not always the case.
However, there was a liability of millions and the supplier of the application’s infrastructure were only going to cough up £182k if they failed to maintain their supply. Worse still, the infrastructure wasn’t easy to transfer to a new supplier and a 30 day window tied the start-up down. No fix in 30 days and the US contract terminated automatically. And further contracts would not have been issued by them or anyone else.
We deal with cyber risk every weekly basis. It rarely touches the smaller business, yet their suppliers are at risk. Cloud sounds great yet it is not as solid as your own database with your own security. The solutions are a contractual nightmare.
Wrap up: It is not unheard of for a large company to issue a contract to a start-up, allege an error and drown them in legal proceedings. This is because they can then strike a deal which leaves the start-up Directors free of debt if they give up their Intellectual Property. Only in America? No! Uk companies do this too. Does Directors protection work in these cases? No! See why here: https://cobinecarmelson.com/wp-content/uploads/2011/11/What-are-Directors-real-risks.-CCLv5-URL.pdf
Top tip: One digital games company signed an NDA and found the other signatory copied their ideas and started selling their titles. It cost £300,000 to force them to stop and compensate the original designer. There is no point getting someone to sign an NDA unless you have the means to enforce it !
Double agent leaves tenant between a rock and a hard place
Leaks can be a real drag
A last minute call before Christmas comes from a client in a mini panic because the client facilities at their studio have got pools of water where it shouldn’t be. The area has to be sealed off because of the leak and the business might have to close, albeit temporarily, if gets any worse.
This is a straightforward issue for us, yet it could be the first time a client is going through this scenario and prompt assistance and advice is what they need. We provided the reassurance that we promised, confirming that the damage to their property was covered. However we instructed them to contact their landlords insurance people because the leak had not sprung from nowhere. It was likely that both insurers would need to be involved. This is quite common and, in this case, a managing agent handled insurance affairs for the landlord.
Property Manager or Mangler?
After a fashion, I received another call from the client explaining that the property managing agent did not want to offer much assistance. They simply said “the builder must be responsible”. I reminded the client that their landlord had cover for investigating leaks, which had become clear when we checked their insurance provision at the beginning. Armed with this information the client/tenant felt confident in contacting the managing agent and pressing their point home. Subsequently, a surveyor arrives and determines that a pipe has not been correctly sealed, causing water to leak and bubble up through the flooring. Luckily it was water rather than waste that leaked, so the damage wasn’t too messy.
In the ordinary course of things, this would have been simple from here on in. The landlord’s insurance pays for the tracing of the leak and the builder repairs the pipe they installed defectively and the client has insurance to repair the resultant damage to their flooring, etc. The managing agent had other ideas.
Why do people think it’s OK to to defraud insurers?
The managing agent contacted the tenant and asked them to pay for the surveyors invoice. When they refused, because it is not their responsibility, the property managing agent said “completely off the record, it will be much easier to do business with us if you tell your insurance company that this was an uninsured part of the landlord’s policy, or write a letter confirming that there were more damaged areas than was actually true”. They wanted to recover the cost of the surveyor without resorting to their own insurance. Or rather, the landlord’s insurance. This seems daft because it’s not their insurance to worry about. It’s the landlord’s! Doing their job properly means presenting insurance claims to insurers in order for them to be settled promptly, fairly, and keep the premises in good shape.
What we know is that this happens all too often. Regrettably, property managing agents have to have their fingers in the landlord’s insurance pie, and they do deals with insurance companies, not always with the landlord’s knowledge, that means that they get paid extra if they do not make too many claims. This is on top of the income they receive for managing the insurance, which is paid to them by the insurance company and allows them to charge the landlord less for the overall management of the property. To landlords this is either something they are unaware of, or dressed up as a good deal. However, they don’t seem to realise that it is going to cost them money in the long run if the property is not well looked after.
Surely the managing agent should be looking after the property rather than trying to earn money out of the insurance that they don’t even pay for. People find it hard to believe that this happens, yet property managing agents seem quite willing to hide the commissions they receive from their clientele and mess up claims situations when it suits them. At the end of the day they always blame the builder or the tenant. Who is the landlord going to believe?
Top Tip: Always check the insurance arrangements of a premises you are about to buy or lease, because you will find insurance history can paint a different picture to the particulars you were originally shown.
Wrap Up: There are some great property managing agents out there yet there are also plenty of rogues. Accountants have told me that they have recovered many hundreds of thousands of pounds from property managing agents who stitched up the owners of properties they looked after. It’s not just on insurance, they do the same on maintenance issues and when repairs are required. Take a closer look at the bills they are sending and see if you can spot any trend that doesn’t make sense.
Insurance claims departments grill their clients
Not all insurance companies treat claimants the same. This article is about what happens when an insurance company settles a claim for a break-in, the methods they use to reduce claims, and the daft things they do afterwards.
Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.
“Someone’s breaking in across the road”
A man is up later than he should be. He hears a loud bang, and peers out his front room window. He sees that there are some shadowy figures and torchlight inside the office premises across the road. Stopping himself from rushing across the road, he calls the police instead. He took the sensible option. By the time he finishes the call to the police the burglers are gone. It’s a classic commercial theft. Kick the doors in and take whatever isn’t nailed down and can be sold for cash.
The police contact the owners and the premises are secured, which is difficult to do when a UPVC door has been ripped from it’s hinges! Yet it’s a temporary measure, a more permanent fix can be worked out later. Computers, monitors and petty cash have been taken.
Insurers step up… then down again
The client contacts us in the morning and we make the report to their insurer, who won’t do anything until the crime reference number is allocated by the police. Armed with this, we make a detailed report explaining what items have been stolen and what damage has been caused. The people handling the claim seem amiable. A few hours later we receive the email acknowledgement, yet they start as they mean to go on requesting why my client kept so much petty cash. The irony.
It’s this sort of nit picking that really annoys people. They didn’t ask how much petty cash they had before the break in. Indeed, they even make a generous allowance for it as a policy benefit. Yet they use it as a tactic to delay making a payment. It wasn’t the only tactic, they argued about the broken door too.
Settlement achieved
It took a few days to resolve, yet the experience left a sour taste with the client. “How will they behave if we have a major loss?” I reassured them that this company was better in the big losses, which is why we had chosen them. It’s just that you need to have experience in order to push the small ones through, because this company uses smaller claims to train their staff. They don’t tell you that in their literature before you buy from them – we have the inside track.
Once the client has his full payment he asks me to look for alternative insurance providers, which is understandable! Who wants to be contractually tied to someone that makes it difficult together what the contract is supposed to provide? Especially when it’s before a problem with the terms and conditions. A “can-do” attitude means a lot to those who want their businesses to run smoothly. They avoid suppliers that make their life difficult after advertising that they would make it easy. Insurers could take note, but they won’t. This insurer said they would be happy to lose this client because it was “petty cash” that made them attractive to thieves. Poppycock.
Wrap Up: There are hundreds of reasons why insurers are slow to pay out, some are procedural, others personality based. As Forrest Gump said, claims departments are like a box of chocolates. You never know what you’re going to get……unless you have opened them before.
Top Tip: Make sure your adviser has handled similar outcomes to those that you’re worried about if you really want the reassurance that insurance allied to service can provide.
How can you reduce your liabilities?
This article is about liability, sometimes “called” indemnity, how to reduce it, why it is required and how do you work out what yours is? It’s a long one yet winning contracts with unclear liabilities can lead you to long unfulfilling journey.
Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.
I’ve just won a contract!
We are called every week by people who make the above exclamation. It’s great when client win new contracts, they get so excited when they start working with one of the ‘big boys’. However these contracts are often weighted towards the bigger company in the “partnership” and have severely onerous terms and conditions. It will never cease to amaze me how many people sign a legal document without reading it, having a expert interpret it for them or seeking any form of legal advice. However it happens every week, I’ve even done it myself when there’s little at stake. Lesson learned! We now know enough solicitors to advise clients when the need arises. Solicitors have different specialisms and expertise and we try to help, or at least signpost, all the enquirers we hear from.
One of the most important contractual areas to negotiate upon is the level of liability you are being asked to carry. Many contracts have “boiler plate” wordings which have ridiculously high levels of insurance protection demanded from small companies as well as medium and large. The first point to negotiate on is the amount of protection they expect you have in place. This is because insurers will, typically, charge a rate for every £100 or every £1000 of cover that you require. A higher level of protection means an increased insurance investment, which might not match the new risks.
Demands for insurance documents
A lot of contracts state that “you must have insurance a, b or c”. Many business owners start looking as soon they read this, not realising that further on the contract will stipulate that the full insurance documentation must also be provided. So they contact an insurance provider and arrange cover quickly without checking how long the documents will take to arrive. You will think insurance providers can issue documentation very quickly. This is not the case, some of them have several levels of check on their policy documentation before they are issued. Others prepare the documents in one country and issue them from another. Some only issue documentation online. Others seem like they’re still using pigeons that carried messages during WWII.
This doesn’t help when the people fulfilling the contract require payment. If a contract says you must have insurance a,b or c and documentation, you are unlikely to be paid until you have provided documentation. This has caught out people who either didn’t bother arranging insurance at the outset, yet told their client they had, or they arranged insurance with a provider that could not issue documentation promptly.
Businesses are not likely to go bust because they failed to arrange insurance. But not all insurance can be paid in monthly instalments, so cash flow needs to be managed.
How do I work out my liability?
The “boiler plate” contracts mentioned above have high limits because it is often difficult to estimate. Sometimes the actual amount of liability can only be determined following litigation because claims become so complicated. Not all contracts ask for annual insurance. Some I have seen have insisted that insurance is arranged and then maintained for 12 years after the project was completed. This protected the large company against issues that arose later in the day. It is a contractual requirement and there is not much use accepting a contract for £144k income, if the insurance premium is £12k and you are required to keep it in force for 12 years. Some companies have accepted these terms because they were so confident that they would continue to get business from the company they just started to work with. Not all businesses survive taking this type of risk.
We have developed a method that helps us understand the liability businesses are asked about and they, with the help of their legal team, negotiate what they can reasonably reduce it to. As a business owner, I like to have advisers who can answer unusual questions when the need arises. It reduces my liability when they help with the things I know that I don’t know.
Wrap up: Winning contacts is great as long as you understand the liabilities that they bring into your World. Don’t sign anything until you have read everything, I know that it isn’t easy. Ask for help with interpretation of things you don’t really get and ensure you understand exactly what you are getting into by signing on the dotted line.
Top Tip: It’s very rare that people make mistakes when delivering contracts. The most common issues are when people allege something has gone wrong, hide a mistake, fails to own up to their own error or vindictively blame people they have fallen out with. The blame culture isn’t a new phenomenon, yet it is here to stay.
