Archive for June, 2016

Small Firms Increasingly Need Directors and Officers Coverage


While directors and officers liability has been traditionally thought of as insurance for publicly traded companies, increasingly it’s smaller companies that account for the largest share of exposure among top decision-makers.

A study published by the news website Advisen found that over the past 10 years, small businesses accounted for 70% of all D&O insurance claims. And during that time, these claims increased 300% for small businesses, compared with 200% for large companies and 150% for mid-sized operations, according to the study.

Although privately held businesses don’t risk exposure to securities class-action suits, a business doesn’t have to have shareholders in order for its directors and/or officers to be personally sued.

Your directors and officers may also face exposure to lawsuits and regulatory actions that could seriously dent your company’s finances. Consider the following risks:

  • Breach of fiduciary duty – Investors sue a company alleging that some of its officers had personal connections to a third-party contractor the company hired to do some work. They accuse other officers and directors of breaching their duty of care in undertaking the project without properly investigating the qualifications of the contractor.
  • Failure to comply with workplace laws – An employee is terminated and then sues the directors and officers and the company for wrongful termination based on gender discrimination.
  • Theft of intellectual property – You hire a new vice president and his former employer sues him and your company, accusing him of stealing certain corporate licenses to market proprietary software, creating unfair competition and trademark infringement.
  • Misrepresentation – A company asks a supplier to build up its inventory because it expects an uptick in business. The supplier complies and then the company switches suppliers. The original supplier sues, alleging damages based on the promise of more business and subsequent failure to provide that business.


When you may want to consider D&O coverage:

  • If your company has relationships with vendors and customers that could in some way leave your directors or officers exposed.
  • If you intend to seek venture capital funding or attract other investors.
  • If you have officers or directors who could be targeted by litigants over their management of company affairs.



Low-priced policies for small firms

Many insurance companies now offer small business executive liability coverage starting at $1,500 per year to protect directors and officers.

D&O liability insurance protects corporate directors and officers in the event they are personally sued – often in addition to the company being sued – by investors, employees, vendors, competitors and customers, among other parties.
The insurance protects directors and officers by covering legal fees, settlements and other costs; in addition, the coverage sometimes can extend to protect the company if it is named in a suit, as well.

Also, some new directors or officers may demand that you purchase D&O insurance as a condition of employment or serving, since they will not want to put their personal assets at risk. Outside investors may also demand that you purchase a policy before agreeing to fund your company.


Considerations when buying a policy

  • Should you limit coverage to directors and officers or include coverage for the entity, as well?
  • Make sure the policy will cover innocent directors if one member is found guilty of wrongdoing. Policies will cover allegations of criminal misconduct up to the point of adjudication.
  • Do you need additional coverage, which is usually sold in increments of $1 million of coverage?
  • Read the fine print to ensure that the policy covers a wide range of claims, from regulatory actions to criminal investigations and employee lawsuits.
  • Have a separate coverage limit if that coverage is bundled with an employment practices liability policy. This will ensure coverage for personal liability of directors and officers in the event a claim against the company depletes the EPL policy limit.



Final Regulations for Wellness Plans Limit Incentives at 30%


The U.S. Equal Employment Opportunity Commission has released final regulations for employer-sponsored wellness programs under the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act.

The final rules take effect at the start of 2017 and affect all wellness plans for employees and their family members, even those plans that don’t also require enrollment in a health plan.


The final rules cover:

  • The amount and type of incentives employers can offer.
  • Notice requirements.
  • The definition of voluntary.
  • Protection of medical information that the plans collect.



Here we look at the new rules:



Under the final regulations, employers can offer up to a 30% discount on self-only coverage to employees that participate in wellness plans. This final regulation actually conflicts with the Affordable Care Act, which stipulates maximum incentives of 30% of the cost of coverage that the employee is enrolled in.

This means that if you offer your employees more than one health care plan, the incentive cannot exceed 30% of the cost of the lowest-priced option.

The final rules also limit spousal incentives to 30% of employee-only coverage.

Under Health Insurance Portability and Accountability Act (HIPAA) regulations, incentives for a wellness program with a smoking-cessation component are not limited to the 30% rule and can be as high as 50%. However, if the program includes biometric screening or any other tests for the presence of nicotine or tobacco, it would be limited to incentives of 30%.

In addition to financial incentives, employers are permitted to offer in-kind incentives (e.g., employee recognition, parking spot use, relaxed dress code).


‘Voluntary’ defined

The final regulations define what is considered “voluntary”:

  • Employers must not require employees to participate.
  • Employers may not deny health care coverage to employees who do not participate.
  • Employers may not take any adverse employment action against or coerce employees who do not participate.



Employers must provide employees with a notice written in plain language that advises them about what medical information will be obtained through the wellness program, how it will be used and restrictions on its use.


Confidentiality and information protection

Information obtained under employee wellness programs is still considered protected health information for purposes of HIPAA compliance.

It is important to ensure that all information is kept confidential and that employees handling the information are well trained on their confidentiality obligations. Employers also must ensure that they do not receive the information in a manner that would disclose the identity of specific individuals.



To ensure that this exception applies, the program must be “reasonably designed to promote health or prevent disease.”

For example, programs that penalize an individual because his or her spouse suffers from a disease or disorder will not meet this standard.

Information collected under the program must actually be used to design services that address the conditions identified in the information collected.

The ADA prohibits an employer from denying access to a particular health plan because an employee does not answer disability-related questions or undergo medical examinations, the EEOC said in a statement.

Under new ADA regulations, employers must offer reasonable accommodations to allow an employee to participate in a wellness program so long as doing so does not constitute an undue burden.

In addition, where an employer’s wellness program provides medical care and rewards an individual for meeting a health standard, the employer must provide a reasonable alternative to earning any financial incentive.

For example, a wellness program that rewards an employee for reaching a certain body mass index must modify that standard for any employee who cannot reach that BMI for medical reasons, such as a thyroid condition. That way the employee could still earn the financial incentive.


The takeaway

If you have a wellness program or are considering implementing one for your staff, you should talk to us about your options and discuss any concerns you may have regarding compliance with the new regulations.



Why Your Company Needs a Total Ban on Cell-phone Use


Distracted driving caused by smartphone use is becoming one of the leading causes of accidents in the U.S., and for the first time overall roadway deaths and injuries have started rising again despite regular advancements in car safety – a change that experts attribute to the scourge.

And as if that news is not bad enough, if one of your employees injures or kills someone while using a mobile phone when driving for you on the job, your organization could face serious liabilities. This is especially true if they were either talking on the phone without a hands-free device or texting or using some other smartphone function while behind the wheel.

But lately, juries have even been awarding large judgments in cases when a motorist was using a hands-free set while driving. If a court were to find your driver negligent, the resulting damages could put you out of business or seriously dent your company’s finances.

That’s why you need to implement workplace rules to prevent distracted driving. If you have not done so, you should – and you can use the National Safety Council’s cell-phone kit as a basis for those policies.


The facts

  • The NSC model estimates 21% of crashes, or 1.2 million crashes in 2013, involved talking on handheld and hands-free cell phones.
  • The model estimates an additional 6% or more crashes, or a minimum of 341,000 crashes in 2013, involved text messaging.
  • Thus, a total of a minimum of 27% of crashes involved drivers talking and texting on cell phones, according to the model.

Why you need company rules on cell-phone use

Liability wake-up call

  • A jury in Texas found a beverage company liable after one of its drivers crashed while talking using a hands-free device, even though the hands-free headset complied with the company’s policy. Verdict: $21 million.
  • A jury in Arkansas found a lumber distributor liable after one of its salesmen rear-ended another car while talking on a mobile phone. Verdict: $16 million.
  • A jury in Ohio ordered a technology company to pay damages after one of its drivers, while using a cell phone, crashed into another car and killed one of the occupants. Verdict: $21.6 million.


The NSC recommends that you have a policy that includes:

  • Both hand-held and hands-free devices.
  • All of your employees.
  • All company vehicles.
  • All company cell phones.
  • All work-related communications, even in a personal vehicle or on a personal cell phone.
  • All communications, even if personal, while your employees are behind the wheel on the job.


According to the NSC, the policy should include a total cell-phone ban. This means banning handheld and hands-free devices by all employees. Research has shown that hands-free devices are not safer than handheld phones because the cognitive distraction still exists.

In its kit, the NSC includes a sample cell-phone policy, which reads:

“Due to the increasing number of crashes resulting from the use of cell phones while driving, we are instituting a new policy. Company employees may not use cellular telephones or mobile electronic devices while operating a motor vehicle under any of the following situations, regardless of whether a hands-free device is used:

  • When the employee is operating a vehicle owned, leased or rented by the company.
  • When the employee is operating a personal motor vehicle in connection with company business.
  • When the motor vehicle is on company property.
  • When the cellular telephone or mobile electronic device is company owned or leased.
  • When the employee is using the cellular telephone or mobile electronic device to conduct company business.”


One key component of the policy is that you get full buy-in from management and employees. That’s the hard part.


To get buy-in from your staff, the NSC recommends the following:

  • Before policy implementation, hold open meetings to discuss the need for a policy with employees.
  • Let your staff air their concerns and doubts, and ask them to offer solutions to these objections.
  • Get buy-in from management first. Employees must see and hear that top management supports the policy.
  • Employees may be concerned about job productivity. Ask them to share ideas to maintain productivity.
  • Have a mix of senior management, front-line supervisors, union representatives, and other employees serve as spokespeople for the new policy process.
  • Relate real-world examples of deaths and injuries that resulted from driving while using a mobile device. You can find excellent video and public education resources at If someone in your company has a personal story, invite them to share it.


You can find the NSC kit at:

If You’re Leasing a Vehicle, Put It in Your Company’s Name


You’re successful at running your business and you decide it’s time for a new car. You want to take advantage of the great leasing deals many carmakers have on offer, so one weekend you enter into a lease for that vehicle.

On Monday you tell your bookkeeper to add the car to your company’s business auto policy, but he tells you that the insurer can’t add the vehicle since it’s in your name. Knowing you’re going to be using this car primarily for business, you realize you’re suddenly in a bind.

As a business owner or company director wanting to lease a car for yourself, you have the choice of either business contract or personal car leasing, and each option has its own implications, benefits and disadvantages, particularly in terms of insurance.

And if you are using your new car mostly for work (think sales calls and visiting job sites), and you bought it in your name, that mistake can cost you as your business won’t be able to insure it properly.

Your personal auto policy will provide coverage for some business use of your vehicle. The same is true for your employees’ personal auto policies, which also cover some business use of their vehicles.

But a personal auto policy is unlikely to provide coverage if the vehicle is used primarily in business.

The personal auto policy – whether yours or your employees’ – may not have high enough limits to protect your business.

For example, take the scenario of you driving to a business meeting while having an intense conversation on your phone with your production department and you plow into a vehicle in front of you, injuring the driver and three occupants. Then they sue you and your company.

If you have only a personal auto policy, your insurer will probably defend you personally and pay the claim up to the policy limit. Your personal auto policy insurer will not defend or pay damages on behalf of your business, however. Most certainly, once your policy limits are exhausted, the other party or business would be on the hook for the rest of the damages, but insurance wouldn’t cover it.

If you or your employees are driving personal vehicles on business and relying on your personal auto policies, be sure that you and they have sufficient liability coverage to protect your business in the event of a serious auto accident.

Do not expect to rely on a personal umbrella policy for any claims that arise from business use of a vehicle. Typically, the personal umbrella excludes all claims occurring in the course of a business endeavor.


The takeaway

If you are in the market for a new car that you’ll be using a significant amount of the time for work, you should seriously consider leasing it in your company name. It will save you from headaches later if you are involved in an accident.


Business auto insurance checklist

If you answer “yes” to these questions, you need business car insurance to stay properly covered:

  • Run business errands during the day?
  • Travel to client or business meetings?
  • Travel between different business sites?
  • Drive colleagues or business contacts around?
  • Allow other employees to drive your vehicle?
  • Make deliveries or collections?


OSHA Sets Limits on Drug Testing Injured Workers


Employers are not allowed to have a blanket policy of requiring drug and alcohol tests after a workplace injury as it may discourage injury reporting, the U.S. Occupational Safety and Health Administration has said in an interpretation letter.

It issued the letter in response to a company’s blanket policy after some intoxicated workers had been injured on the job, and it comes as a new OSHA regulation on post-injury testing is slated to take effect at the start of 2017.

These recent actions should spur any employer with a policy of testing its workers post-accident to revisit its rules so they don’t run afoul of OSHA’s regulations.

OSHA’s “Improve Tracking of Workplace Injuries and Illnesses” rule does not bar employers from drug or alcohol testing their workers, but it does prohibit companies from using such testing or the threat of it as a form of retaliation against employees who report injuries. These new rules were published in May 2016 and will take effect on Jan. 1, 2017.

However, the rules specifically point out that if an employer conducts drug testing to comply with the requirements of a state or federal law or regulation, the employer’s motive would not be retaliatory and this rule would not prohibit such testing.

With this new rule the agency is likely to take a hard stance on mandatory post-injury drug testing without a compelling reason.

It is unclear what will happen to employers who enforce post-incident testing policies that OSHA deems unreasonable, although several experts say they expect the agency will attempt to cite employers.

The rule will likely have far-reaching effects considering that 56% of U.S. manufacturers had such policies, according to a 2012 study by the Government Accountability Office. That same study found that these policies “may discourage workers from reporting injuries and illnesses.”

OSHA says in the final rule that employer policies should limit post-incident testing to situations in which employee drug use is likely to have contributed to the incident and for which the test can accurately identify impairment caused by drug use.

Examples of instances in which OSHA says it would not be reasonable to conduct a drug test include:

  • An employee who reports a bee sting.
  • A repetitive strain injury.
  • An injury caused by a lack of machine guarding, or by a machine or tool malfunction.


Under the rule, employers do not have to specifically suspect drug and/or alcohol use before testing, but there should be a reasonable possibility that such use by the reporting employee contributed to the reported injury or illness for the employer to mandate the testing.

The probable cause for a drug test would need to be based on observation and a good-faith belief that an employee is under the influence of drugs or alcohol. Such observations should be made by two people trained to spot such impairments and should be documented in writing.

Employment law attorneys recommend that all employers look at their current policy for post-injury drug and alcohol testing, how that policy is communicated to employees, and what kind of feedback they had when the policy was put into place.

Despite Cyber Threat, Few Firms Train Staff in Security


Even the most up-to-date firewall and virus protection will not protect you against the biggest threat to your organization’s cyber security – your employees themselves.

Despite this, only 45% of companies train their workers in how to prevent breaches, according to a new report released by the Ponemon Institute, even though 55% of organizations surveyed said they believe they had had a security breach caused by a malicious or negligent employee. And 66% of respondents said employees are the weakest link in their efforts to create a strong security environment.

The report also says that even when there is training, there are “critical areas that are often ignored.” According to the report:

  • 49% said training included phishing and social engineering attacks.
  • 36% said training included mobile device security.
  • 29% said the course included how to use cloud services securely.
  • 67% said their organizations do not provide incentives to employees for being proactive in protecting sensitive information or reporting potential cyber threats.


With the obvious disconnect between employee training and the very real constant threat to any organization with a database, many companies are not doing enough on the personnel side to reduce the threat of cyber attacks, like hacking, malware and other malicious code.

Experian Data Breach Resolution, which sponsored the “Managing Insider Risk through Training & Culture” report, had the following recommendations of what employee training should cover to protect a business from cyber attack.


Basic courses should typically cover these topics:

  • Protecting paper documents
  • Securing protected data
  • Password security
  • Privacy laws and regulations
  • Data classification
  • Safe e-mail practices


Advanced courses should typically cover these topics:

  • Phishing and social engineering
  • Responding to a data loss or theft
  • Mobile device security
  • E-mail hygiene


Gamify training to make learning about potential security and privacy threats fun. Interactive games that illustrate threats for employees can make the educational experience enjoyable and the content easier to retain. There are new training technologies that simulate real phishing e-mails and provide simple ways to report potentially fraudulent messages.

Experian also recommends that employers provide incentives to employees for being proactive in protecting sensitive information or reporting potential issues. This could include a cash reward or gift card at a local coffee shop.

Another approach to changing behavior is to have clear consequences for negligent behavior, such as inclusion in the next performance review or a mandatory one-on-one meeting with a superior.

In addition to training, you should send regular messages to employees about security and privacy practices.

If you have had a data breach, you should require your staff to retake cyber security training. A breach provides the opportunity for you to train your staff about the importance of carefully handling sensitive and confidential information.


The stuff of cyber nightmares

Negligent and malicious behaviors that keep security professionals up at night:

  • Unleashing malware from an insecure website or mobile device (70%)
  • Violating access rights (60%)
  • Using unapproved mobile devices in the workplace (55%)
  • Using unapproved cloud or mobile apps in the workplace (54%)
  • Accessing company applications from an insecure public network (49%)
  • Succumbing to targeted phishing attacks (47%).


Insured protection

While you may have strong firewalls and a solid employee training program, if you do incur a breach, the fallout can cost you. A cyber liability insurance policy can pay for recovery costs, the cost of litigation and fines and notification costs you may incur.

Call us to see if a cyber liability insurance policy is right for your organization. The chances are extremely high that at some point, your systems will be breached.

Crackdown on Employers Who Shunt Employees onto Medicare



The Centers for Medicare and Medicaid Services (CMS) is stepping up efforts to root out employers who have improperly put workers who were eligible for the company’s group health plan into Medicare.

Under the law, employers are prohibited from offering incentives of any kind to a Medicare-eligible individual to enroll in Medicare instead of the employer’s health plan.

Companies with 20 or more employees may not encourage covered employees and/or dependents to make this change in coverage.

The fine for encouraging an employee or dependent to take Medicare is $5,000 per situation, but that’s not the largest potential penalty.

The larger penalty is the bill for any claims that Medicare paid as a primary payer versus what it should have paid as a secondary payer.

This claim can be huge depending on how much care an individual that should have been in a company health plan sought out while on Medicare.

And now the CMS has decided to step up its recovery of these improper payouts.

CMS aims to increase the number of successful recoveries from below 5% to nearly 100%.

It has joined forces with the Internal Revenue Service (IRS) and the Social Security Administration to specifically look for instances where an individual is enrolled in Medicare and is also an employee of a group.

They are checking when someone’s social security number is showing up both on the income tax withholding list for an employer and also on the Medicare rolls.

Recently, many employers have received letters from a Data Matching project sponsored by the Social Security Administration, the CMS and the IRS. The goal of this new project is to increase recovery of improperly paid Medicare benefits.

Whatever you do, don’t ignore this letter. It has a 30-day deadline for you to answer the questionnaire and you should take this exercise seriously. If you take a nonchalant attitude towards filling it out, you could be in for a heaping bill from Medicare later.


Calculating employees

If a company has fewer than 20 employees, it’s generally accepted that Medicare would pay first for a Medicare-eligible employee who is also on a health plan.

Employers on the cusp of this “20 or more” rule should calculate the average number of employees they had in the prior year, according to the CMS.

Under the law, an employer is considered to have 20 or more employees for each working day of a particular week if the employer has at least 20 full-time or part-time employees on its employment rolls each working day of that week.

This condition is met as long as the total number of individuals on the employer’s rolls adds up to at least 20 regardless of the number of employees who work or who are expected to report for work on a particular day.