Accounting liability insurance: Towards a difficult market
Purchasing professional liability insurance or renewing a policy is something that rarely appears on an accountant’s work list. Yet there are many areas where this choice can have consequences that go beyond normal day-to-day decisions in an accounting practice.
“A CPA can spend their entire career building their brand, but they neglect their due diligence when it comes to purchasing a liability insurance policy,” said Stan Sterna, vice president of Aon, broker and national administrator of the American Institute of CPAs. Membership Insurance Program. “They will buy a policy regardless of the quality of claims or risk control services offered by the carrier.”
The insurance market itself is currently heading towards a “hard” market, observers say. (To learn more about insurance, see the 2021 Malpractice Insurance Buyer’s Guide in tabular or list form.)
“Generally speaking, in a tough market, premiums are rising and underwriting is tightening,” said Stephen Vono, senior vice president at McGowanPro. “We’re now seeing it in several different types of insurance that accountants typically buy – cyber liability and employment practices, in addition to professional liability. The reason we’re in a tough market is because COVID-related claims and defense costs are on the rise. There are a lot of favorable court decisions against insurance companies. And the fact that an operator paid $ 40 million in ransomware fees didn’t help.
“When a claim exceeds the policy limit, other insurance companies share the risk,” he said. “It’s reinsurance, and the costs for that are increasing as well. Almost all businesses have reinsurance.
Premiums will rise for the remainder of 2021 and 2022, Vono predicted, states that have larger metropolitan areas will suffer more from the harsh market effect – states like California, New York, Oregon, Washington, Washington, DC. Arizona, Texas, Florida, New Jersey, Massachusetts and Illinois. “All states with large metropolitan areas will experience larger increases than, say, Iowa or Idaho, because there is a lot more claims activity in those states,” he said.
What do you want?
The most important thing to look for in a policy is its definition of professional services, said Vono: “It should be broad enough to cover all the services provided by the firm. Look for broad coverage as opposed to restrictive coverage.
“We see a lot of CPAs and registered agents, especially small freelancers, who are not properly insured,” observed John Torvi, vice president of marketing and sales at Landy Insurance. “They started out as preparers, but gradually moved on to payroll, auditing and compilation. Their policy did not include the expansion of their business.
Ron Parisi, former insurance executive and chairman of Orchard Accounting and online firm CPA On Fire, agreed, “Due to all the different government programs related to COVID, CPAs have expanded beyond typical services. accounting firms. It is important to pay attention to the creep of the scope of the engagement. For example, simple tax work and accounting may have evolved into applying for paycheck protection program loans and employee retention credits. Everything you do for your customers should be named and documented.
Liability sector expert Ricard Jorgensen agreed with this view. “The profession continues to expand beyond traditional tax, auditing and accounting services, and seeks to serve more unconventional businesses,” he said. “A lot of companies are implementing practices focused on the cannabis industry. But all professional liability policies contain a criminal act exclusion that could potentially prevent coverage of services to this industry – federally and in some states, the sale and production of cannabis is a crime. If a company intends to serve the cannabis industry, it should check with the insurer that the exclusion of criminal acts does not apply to this work.
New threat vectors
“The number of cyberattacks against CPA firms has increased exponentially,” observed Jorgensen. “This is especially the case when remote operations during the COVID pandemic created an increased risk to network security. Businesses should ensure that liability arising from the theft of personally identifiable information or loss of customer funds due to social engineering is covered by their policy. Ideally, all businesses should consider securing full and separate cyber coverage in a stand-alone policy. “
Gary Florian, vice president of underwriting and policing services at Camico, agreed. “We recommend a comprehensive cyber insurance program that includes the breach response services necessary to help protect a company’s information and reputation,” he said. “In the event of a cyber incident, a number of steps must be taken, and breach response services will coordinate these steps in conjunction with an insurance program that can cover some or all of the related expenses. “
“For example, the cyber risk advisor of the cyber insurance company should coordinate an investigation to verify whether the incident is a violation as defined by applicable state and / or federal laws,” he said. for follow-up. “A computer forensics expert should investigate the incident to determine if there has been a security breach and if confidential client information has been accessed. Computer forensics experts also respond to ransomware events to help decrypt and restore files, as well as eradicate malware from the system.
If the incident is determined to be a violation, customer notification letters may need to be prepared and mailed, Florian noted. “Customers who receive notification letters may have additional questions about the violation, and a call center may initially address those questions. Customers can also request credit monitoring services in a post-breach environment. While state laws require law enforcement to be notified of theft, media reports can affect the company’s public image, and media relations companies may be retained to. help protect the company’s reputation.
“It’s also important that businesses have access to cyber risk management tools and resources to prevent cyber breaches in the first place,” Florian added. “If an incident does occur, a business will want access to breach response services and experts who can handle the incident or breach and the associated insurance claim. “
It may not be a question of “if”, but “when” a business is breached, Torvi observed. “No matter how careful you are, in some ways the depth of the cybercriminal is beyond anyone’s reach,” he said. “Just consider the big names of the entities that have been hacked. And accounting professionals are a huge target.
There is a slight increase in the cost of policies, according to John Raspante, director of risk management for McGowanPro. “Everyone who renews receives a small increase. In some cases, companies have taken advantage of consulting opportunities, and when revenues increase, premiums also increase. “
“Some carriers have business lines other than CPA professional liability, and when they are hit by catastrophic losses, it affects all policyholders. There has been a lot of property damage related to civil disobedience and natural disasters over the past year. This has resulted in business interruption claims, debt and property damage, leading a number of major carriers to pass costs on to other lines of business.
There are a number of policy options that can lower the cost of insurance, but the insured should carefully consider the risks, Raspante said. And in some cases, policyholders do not know them.
“There are policies sold where the legal fees reduce the limits of the policy,” he said. “Other policies are sold ‘out of range,’ which will defend claims without reducing coverage. Of course, an “out of bounds” policy costs more.
“There are also deductibles” per claim “and” global “deductibles,” he said. “With an overall deductible, once the total is hit, the insurance company pays everything else, but if it’s per loss, you have to pay the deductible for each loss. Claim policy would cost less, but it can also cost you money – you need to weigh the odds that you will be sued more than once in the same year. If you have multiple claims and one deductible per claim, paying the deductibles can erode the policy limits, leaving nothing to cover the indemnity.
There may be different deductibles for different services, Raspante observed, noting that the insured is responsible for reading the entire policy. “Some people only look at their policy when there is a claim against them, but then it is too late,” he said.
“There are a lot of components that go into the algorithm that determines the premium,” he said. “You can manage the price of the policy by modifying some components, but there is a risk. “
Ideally, the professional liability carrier should focus only on professional liability matters of accountants, Aon’s Sterna suggested. “Accountant complaints are very technical and specialized, so you want dedicated complaints staff to work on these types of issues,” he said. “Some companies handle a variety of policies and their claims handlers have a large number of claims in their inventory. Each strategy on a claim may be different – some defenses are fair for accountants’ liability that might not be acceptable to others. They take care of the management of triage requests.
This can create service problems, he said, “When a company has a limited presence in the market, it doesn’t have the bandwidth to have dedicated staff. Some are reluctant to make a full commitment to ensure the profession over the long term. They enter and exit the market without devoting specific resources to accounting.
And with the proliferation of lawsuits and subpoenas they generate, policy should include assistance with subpoenas, Sterna added: “For example, divorce actions often seek the financial records of the other party. Court attendance provides legal advice to assist the accountant in responding to requests for documents. They don’t want to give away too many documents that could fuel a fishing expedition against your client.