If your customers are located within the European Union or European Economic Area, it is critical to understand this regulation. US businesses are required to comply with this regulation if they control or process the personal data of individuals within the EU or EEA.
There are times when the coverage you need is available exclusively from a non-admitted carrier. That being said, it is important to understand the difference between admitted and non-admitted carriers, as well as the advantages and disadvantages of each.
An admitted carrier is one that follows guidelines set forth by the state, and is therefore licensed in the state or country in which the insured’s exposure is located. These guidelines vary from state to state, and some are more stringent than others. The obligation to follow state regulations and submit rates to a state’s department of insurance limits the flexibility of the insurer. If an admitted carrier becomes insolvent, the state guarantee fund steps in to pay out claims and premium remuneration where applicable.
It is a common misconception that non-admitted is synonymous with non-licensed. In reality, non-admitted carriers do not have rates filed with the state and therefore are not as highly regulated, but this also means they are not protected by state funds. Because of this, they are sometimes able to offer better rates–these carriers can base price on specific exposures. Further, certain complex risks require the use of non-admitted carriers because the conventional insurance marketplace fails to provide adequate coverage. However, in the case of insolvency, the state will not pay the carrier’s outstanding claims and premium remuneration.
Judging Financial Strength
Since with a non-admitted carrier you are not guaranteed payout from the state in the case of insolvency, as you are with an admitted carrier, one of the most important things to consider when purchasing coverage through a non-admitted carrier is its rating from the firm A.M. Best, which rates a carrier on financial strength and size based on policyholder reserves. As long as you are aware of market conditions and are sure the carrier is reputable, buying coverage from non-admitted carriers can be beneficial: they often provide lower rates, absolute control over coverage terms and coverage unavailable through admitted carriers (including specialty risks, risks that are unusual or those that are unusually large).
Non-admitted does not mean that an insurer is not regulated–many states do regulate non-admitted insurers. In fact, many non-admitted carriers are actually admitted carriers in other states. Non-admitted carriers intentionally opt-out of filing rates with the state not necessarily because they are unable to comply, but because doing so provides the advantages mentioned above. However, just because a carrier is admitted doesn’t mean it is financially solvent. Because of state restrictions, admitted carriers’ payouts may increase faster than permitted premium increases in certain classes of business, leading to financial instability. When making carrier decisions, consider whether the carrier is admitted or non-admitted, as well as if it is financially capable of paying a claim in the event of an accident.
On Dec. 5, 2016, the Federal Motor Carrier Safety Administration (FMCSA) issued a final rule that aims to improve roadway safety by establishing a National Drug and Alcohol Testing Clearinghouse.
Under the final rule, motor carriers and other employers of commercial motor vehicle (CMV) drivers must use the Clearinghouse to ensure that current and prospective employees do not have any unresolved drug and alcohol violations that render them ineligible to operate a CMV. Employers will also be required to report information about positive drug test results, alcohol test results greater than 0.04 blood alcohol content, refusals to test and other non-test violations of FMCSA’s drug and alcohol regulations.
These requirements take effect on Jan. 6, 2020, the date that the Clearinghouse is scheduled to become operational. Employers, CMV drivers
- Will allow motor carriers and other employers to identify drivers who are ineligible to operate a CMV.
- Will contain information about violations by employees who are subject to drug and alcohol testing under FMCSA regulations.
- Employers must use the database to ensure current and prospective employees do not have unresolved violations.
- Jan. 6, 2020—Employers must begin using the Clearinghouse and must also make manual inquiries with former employers.
- Jan. 6, 2023—Employers will no longer be required to request data from a driver’s previous FMCSA-regulated employers.
What information will the Drug and Alcohol Clearinghouse contain?
The Clearinghouse will contain records of violations of drug and alcohol prohibitions in 49 CFR part 382, subpart B, including positive drug or alcohol test results and test refusals. When a driver with a drug and alcohol program violation completes the required Return-to-Duty (RTD) process, this information will also be recorded in the Clearinghouse.
Who is authorized to use the Clearinghouse?
To access the Clearinghouse (once it is operational), a user must request access from the FMCSA by registering. Authorized users will include:
- Motor carriers and other employers with drivers operating CMVs that require a commercial driver’s license (CDL) or commercial learner’s permit (CLP);
- CDL/CLP drivers;
- Consortium/third-party administrators;
- Medical review officers;
- Substance abuse professionals;
- State driver licensing agencies; and
- Federal and state enforcement personnel
Will a prospective employee’s drug and alcohol violation history with Department of Transportation (DOT) modes other than the FMCSA be available in the Clearinghouse?
No. The Clearinghouse will contain only drug and alcohol program violation information for employees subject to the testing requirements under the FMCSA regulations in 49 CFR part 382. Employers must continue to request information from previous employers if an employee was subject to DOT drug and alcohol testing required by a DOT modal administration other than FMCSA (as required by §391.23(e)(4)(B)).
May employers report the results of non-DOT drug or alcohol tests to the Clearinghouse?
No. Only results of DOT drug tests, alcohol tests or test refusals may be reported to the Clearinghouse. While employers may conduct drug and alcohol testing that is outside the scope of the DOT testing requirements, positive test results or refusals for such non-DOT testing may not be reported to the Clearinghouse.
What actions will drivers be able to take in the Clearinghouse?
Drivers will need to log into the Clearinghouse in order to electronically consent to requests from prospective and current employers that need to access full details about any drug and alcohol program violations as part of an employment-related background check. This is the only valid method for an employee to respond to this type of employer consent request, and failure to provide timely consent may result in a driver being prohibited from performing safety-sensitive functions for that employer.
Drivers may log in to the Clearinghouse to view their individual driver record at any time. Also, if a driver chooses to engage a Substance Abuse Professional (SAP), he or she must select the SAP through the Clearinghouse to initiate the RTD process.
How are employers and Consortium/Third-Party Administrators required to use the Clearinghouse?
The Clearinghouse offers employers a centralized location to report drug and alcohol program violations and to check whether a current or prospective employee is prohibited from performing safety-sensitive functions, such as operating a CMV, due to an unresolved drug and alcohol program violation—that is, a violation for which the employee has not completed the RTD process. Employers must conduct this test, or query, as part of any pre-employment screening and at least annually after an employee is hired.
Employers may also use the Clearinghouse to designate a consortium/third-party administrator, which is a required step for any employer that employs him- or herself as a driver.
How are Medical Review Officers (MROs) and Substance Abuse Professionals (SAPs) required to use the Clearinghouse?
MROs must use the Clearinghouse to report verified positive drug test results and any driver refusals to take a drug test.
SAPs must use the Clearinghouse to report on the RTD status of drivers who are working to resolve any open drug and alcohol program violations. These reports include the date of completion of the initial assessment and the date the driver becomes eligible for RTD testing.
How will State Driver Licensing Agencies (SDLAs) use the Clearinghouse?
As of Jan. 6, 2020, SDLAs will be able to query the Clearinghouse prior to completing licensing transactions.
How will driver data be protected in the Clearinghouse?
The Clearinghouse will meet all relevant federal security standards, and the FMCSA will verify the effectiveness of the security protections on a regular basis.
Driver information will not be available to the public. Only authorized users will be able to register and access the Clearinghouse for designated purposes. The Clearinghouse will require authentication (username/password) to access records.
Drivers registered in the Clearinghouse will be able to access their Clearinghouse records at any time, and at no cost to them. Drivers will only be able to access their own information, not information about other drivers.
The FMCSA will only share detailed drug and alcohol violation information with prospective or current employers when an employer has requested and received specific consent from the driver. Drivers will be able to see the information that would be released to an employer before consenting to the release.
Driver information will be shared only with the FMCSA and other enforcement agencies as required to enforce drug and alcohol use testing regulations.
Does the final rule change any of the existing drug and alcohol program requirements in part 40?
No, the final rule does not change any existing requirements in the US DOT-wide procedures for transportation workplace drug and alcohol testing.
Source: U.S. Department of Transportation, Federal Motor Carrier Safety Administration
As a business owner, you strive to hire qualified employees to work for you. Unfortunately, as you are well aware, not every hiring decision goes as planned. Even if an employee is terminated for legitimate reasons—such as poor attendance or unsatisfactory work habits—every termination opens the door for potential lawsuits. Read on to learn from one business owner’s experience and find out how employment practice liability insurance (EPLI) can help protect you and your organization from costly, frivolous lawsuits.
“If you have employees, you will get sued.” - Mary, Virginia Business Owner
When Mary, a Virginia business owner, received a complaint that her sales manager made crude, disparaging remarks to a female employee during a trade show, Mary took the claim seriously and conducted an investigation. During the course of her investigation, Mary spoke with another employee who witnessed the incident firsthand. According to this employee, the sales manager’s actions were offensive and harassing. Ultimately, after much deliberation, Mary fired the sales manager for his behavior.
Weeks later, the employee that witnessed the incident sued Mary for $500,000, claiming that after the incident, Mary had passed her up for promotion and assigned her poor sales territories, all because she came forward with the details of what happened at the trade show.
Although the lawsuit was groundless, Mary racked up hefty legal bills defending herself against the allegation.
Lawsuits like the one Mary faced can come out of left field and are much more common than you’d think. In fact, three out of five employers will be sued by a prospective, current or former employee while they are in business. EPLI can help mitigate these risks by providing the necessary resources to defend your company against a lawsuit or pay a claim.
As costs for litigation and damage awards climb, experts predict that employment liability will only become more complex. Call Tooher Ferraris Insurance Group today to learn more about EPLI and discuss your employment-related risks.
Business operations in the technology industry revolve around the functionality of computers, network connections and the Internet. It’s no secret that computer use comes with many risks, including damaging viruses, hackers, the illegal use of your system to attack others, the use of sensitive data to steal identities and other illegal actions. As a result, companies must respond by preventing, detecting and responding to cyber attacks through a well-orchestrated cyber security program.
Get Familiar with Risks
The first step in protecting your business is to take notice of the multitude of cyber risks:
Hackers, attackers and intruders: These people seek to exploit weaknesses in software and computer systems for their personal gain. Although their intentions are sometimes benign, their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to malicious activity (stealing or altering data).
Malicious code (viruses, worms and Trojan horses):
- Viruses: This malicious code requires a user to take action to let a virus into the system, such as opening an email attachment, downloading a file or visiting a webpage.
- Worms: Once released, this code reproduces and spreads through systems on its own. They usually start by exploiting a software flaw; then, once the victim’s computer is infected, the worm will attempt to find and infect other computers through a network.
- Trojan horses: This disguised code claims to do one thing while actually doing something else. For example, a program may claim to speed up your computer system while actually sending confidential information to a remote intruder.
Risk Management Planning
To reduce your cyber risks, it is wise to develop an IT risk management plan at your organization. Risk management solutions utilize industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:
- Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, the data stored and processed, and importance to the organization.
- Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems, the facilities where systems are stored or other conditions that may affect the impact of risk to the organization.
In addition, your organization should take precautionary measures when selecting the internet service provider (ISP) it uses for company business.
Almost all ISPs offer Web browsing capabilities with a varying degree of user support and Web hosting capabilities. Your company should determine what ISP to use, along with a plan for backing up emails and files and what firewalls to implement.
To select an ISP that will reduce your cyber risks, consider the following:
- Security: How concerned with security is the ISP? Does it use encryption and secure sockets layer (SSL) to protect any information that you submit?
- Services: Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
- Cost: Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
- Reliability: Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems
- User support: Are there any published methods for contacting customer service, and do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
- Speed: How fast is your ISP’s connection, and is it sufficient for your business needs?
- Recommendations: What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?
Cybersecurity is a serious concern for your business. Contact Tooher Ferraris Insurance Group to learn about our risk management resources and insurance solutions for emerging technology exposures.
This guide will help you collect the necessary documentation and statistics required during a payroll audit. Because of the nature of the required information, it is recommended that this guide be completed by the accounting department, unless your organization has someone specifically responsible for these documents and the workers’ compensation policy.
STEP 1: Collect Necessary Materials
- Payroll records (employee specific)
- Unemployment tax returns
- Form 1040 Schedule C (if sole proprietor)
- Tax reports (Federal Payroll 940s or 941s)
- General ledger, subcontractor ledgers and journal (or 1099s)
- Certificates of insurance for subcontractors
- Workers’ compensation (WC) insurance policy
- Employee information (compiled here)
- Corporate officer information (compiled here)
- Audit package totals (compiled here)
- Subcontractor information (compiled here)
- Certificates of insurance for each subcontractor
- Additional materials upon auditor request
STEP 2: Employee Information
Record the payroll information and classification of all employees except corporate officers. Class codes generally define the business and not the employees, with the exception of standard class exceptions (e.g., clerical, outside sales, other certain sales). This is a large potential problem area: if your business has a large WC rate, but you can put some of your employees in a standard class exception (like clerical), you can drastically lower the premium you pay. Note that these standard class exceptions vary from state to state. The manual rate can be found on your WC policy.
Note: A portion of overtime can be subtracted from the total gross payroll. For example, if your firm pays time-and-a-half, you can take the total gross overtime amount paid and subtract .33 percent of that number from the total amount paid over a given year. This number counts as an excluded remuneration, which is covered further in Step 4.
STEP 3: Corporate Officer Information
In many states, officers have the option to remove themselves from coverage. States also have a maximum coverage, which needs to be located. Certain states, rather than a max, represent corporate officers as all earning the same (i.e. for workers’ compensation purposes they are all compensated $50,000).
STEP 4: Excluded Remunerations
Excluded remunerations vary from state to state so the list below may not be accurate for your location. Determine a complete list for your state by asking your agent, ratings bureau or insurance provider.
- Tips and other gratuities received by employees
- Payments by employer to group insurance plans
- The value of special rewards for individual invention or discovery
- Severance payments, except for time worked or accrued vacation
- Payment for active military duty for reservists called to active duty
- Employee discounts on goods, property, or services purchased from the employer
- Expense reimbursements to employees for legitimate business expenses (requires some record or receipt)
- The value of an employer-provided vehicle (e.g., a car or airplane)
- The value of an incentive vacation (for example, a sales leader might win a vacation)
- The value of a ticket to an entertainment event that is provided by the employer
- Supper money for late work
- Work uniform allowances
“Time-and-a-half” overtime is included as one of the columns under Employee Information. Overtime is therefore not listed above, but you will need to add it if your company determines overtime pay using a different—or multiple—calculation.
If the payroll amounts you entered under Employee Information or Corporate Officer Information include any of the following types of payments, then total such payments by employee and enter these values in the Excluded Remunerations column under Employee Information or Corporate Officer Information, as appropriate.
STEP 5: Audit Package Totals
Review the information you compiled in Steps 2 through 4, checking to make sure all areas have been addressed and all figures are correct. Organize the information in a list arranged by class code. Include payroll information along with any excluded remunerations that apply.
STEP 6: Subcontractor
This is only for subcontractors that do not have workers’ compensation of their own. Be sure to capture only the cost of payroll for the contract—as opposed to total quarterly cost of the contract—in order to prevent overpayment.
STEP 7: Source Materials Checklist
Use this sheet to ensure that you have completed and compiled all
A Complimentary Review
Contact Tooher-Ferraris Insurance Group for a review of your classifications and exposures. Our specialized Workers Compensation experts will review up to three years of policy data to ensure your company has been accurately classified and charged. Call today at 203-834-5900.
Because of all they can offer, smartphones and tablet devices are essential to many professions’ daily operations. However, as use rises, it will become more and more important to ensure that security for these mobile devices is able to adequately protect you from new and existing threats.
The need for proper phone security is no different than the need for a well-protected computer network. Gone are the days when the most sensitive information on an employee’s phone is contact names and numbers. Now a smartphone could grant access to any number of applications, emails and stored passwords. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.
Lost or Stolen Devices
Because of their size and nature of use, mobile devices are at an increased risk of being lost or stolen. Since most devices automatically store passwords in their memory to keep users logged in to email and other applications, having physical possession of the device is one of the easiest ways for unauthorized users to access private information.
To prevent someone from accessing a lost or stolen device, the phone or tablet should be locked with a password. The password should be time sensitive, automatically locking the phone out after a short period of inactivity. Most devices come with such security features built in, which is something you should consider before purchasing. Depending on your cellphone provider, there are also services that allow you to remotely lock down or erase a device in the event that it is lost or stolen.
Mobile devices have the potential to be just as susceptible to malware and viruses as computers, yet many businesses don’t consider instituting the same type of safeguards. As reliance on these devices continues to grow, so will their attractiveness as potential targets. Third-party applications are especially threatening as a way for malware to install itself onto a device. Employees should never install unauthorized applications to their company devices.
Like any potential exposure, the level of risk brought on by mobile devices is based largely on how your company uses them. Conduct a formal risk assessment to see where your biggest risks are. Also establish when to conduct follow-up assessments to account for new exposures created by the ever-advancing state of technology.
Establish a Smartphone Policy
Before issuing smartphones to your employees, establish a device usage policy. Outline what does and does not constitute acceptable use and what actions will be taken if employees violate the policy. It is important that employees understand the security risk inherent to smartphone use and their role in its mitigation. Well-informed, responsible users act as an invaluable layer of security protecting mobile devices.
The regular review of every contract you sign is a highly important risk management task. This includes a contract’s waiver of subrogation clause.
Subrogation is a basic insurance concept used in insurance contracts. If a loss occurs, it typically happens through someone’s negligence. In general, the negligent or “at fault” party is liable for the cost of the loss; your insurance carrier can then choose to sue the at-fault party to recover the amount of a claim they paid for you in a process known as subrogation. You may not find the term subrogation in your contract, but it may be included—check for the terminology “Transfer of Rights of Recovery Against Others to Us,” which some insurance policies use in place of subrogation.
When a waiver of subrogation is required in a contract, it means that you are waiving your insurance company’s right to subrogate against another party, most commonly the party you are under contract with. Most policy contracts, with the exception of workers’ compensation, allow you to waive your rights of subrogation as long as it is done in writing and prior to the loss. Often an endorsement is added specifically referring to the exact contract as a means of clarification. However, there are associated risks:
- In some jurisdictions, waivers of subrogation are not available. Therefore, a careful review of the state statute is required. You should also obtain your workers’ compensation carrier’s position and agreement on waivers of subrogation.
- Waiver of subrogation requirements should be built into a contract. The contract wording should be thoroughly reviewed to ensure the waiver of subrogation is being utilized appropriately for the situation. For example, mutual waivers may be beneficial in landlord/tenant contracts, where all parties waive their rights. However, in construction contracts, mutual waivers may not be acceptable or prudent.
The Value of Waiver of Subrogation Clauses
A waiver of subrogation clause is placed in a contract to minimize lawsuits and claims between the parties. The risk, once assigned to the insurers by the parties, is determined to stop there, without allowing the insurer to seek costs from a third party. This guarantees that if a loss occurs, the owner’s insurer pays the claim and the insurance proceeds can be used to fund the cost of repairs without determining who was at fault. Without a waiver of subrogation, litigation or arbitration is frequently needed to determine whose fault caused a loss, which can lead to long and costly delays.
It’s important that all contractual language mirrors your policy. As your insurance partner, we are committed to helping you understand how your policy language impacts your contractual risks. Call Tooher-Ferraris Insurance Group today to learn more about how we can assist you in mitigating your contract exposure.
Could an exclusion in your commercial general liability (CGL) policy leave your business liable for damages due to an employee’s injury, even though the employee already received workers’ compensation benefits? It may seem like the answer should be a simple “No,” given that workers’ compensation generally limits the remedies an employee can obtain from an employer for a work-related injury. Yet, whenever an employer assumes general liability through a contract with a third-party, the answer could be a very costly “Yes.”
This is because workers’ compensation does not bar injured employees from suing third parties, and it is possible for those lawsuits to circle back from a third party to the employer. These lawsuits are often referred to as “third-party action-over” claims. If an employer’s CGL excludes all coverage for claims involving its employees’ work-related injuries, the employer could end up facing a third-party action-over claim without insurance.
It’s a complicated risk, but understanding the nature of the potential liability and the limits and exclusions of your insurance policies is essential to protecting yourself from this exposure.
Third-party Action-over Claims Explained
In short, a third-party action-over claim occurs when an employee’s lawsuit against a third party rebounds back onto the employer because of that employer’s prior contractual arrangement with the third party. That may sound complicated, but an example can help illustrate the parties involved and the nature of the liability:
- A property owner hires a contractor, which has its own employees, to assist in the construction of an office building.
- As a provision of the construction contract, the contractor agrees to indemnify the property owner against liabilities that may arise from the contractor’s performance of the work.
- An employee of the contractor is injured at the construction job site.
- The employee files for, and collects, workers’ compensation from the contractor.
- In addition, the employee files a lawsuit against the property owner that alleges negligence for not maintaining a safe work site.
- Because the contractor agreed to indemnify the property owner in the construction contract, the property owner shifts its liability for negligence onto the contractor.
It’s important to note that the third party doesn’t have to be a property owner. Any other third party could trigger the action-over claim, as long as the employer (the contractor in the above example) has a contractual agreement with the third party that indemnifies the third party from liability.
In recent years, however, some insurance carriers have attempted to reduce their losses by amending or altering the standard CGL policy. Different carriers have adopted different tactics, but the effect has been the same—to remove the policyholder’s protection from liability in third-party action-over claims.
One provision to watch out for is the absolute employer’s liability exclusion. As its name implies, this excludes the policyholder’s coverage relating to employee injuries, regardless of the circumstances—including third-party action-over claims.
Protecting Your Business
Third-party action-over claims may seem like a convoluted risk, but in the event of another party’s negligence, that risk can become very costly. And for better or worse, there’s little else a business can do other than to make sure it has appropriate coverage.
Insurance policies can be complicated documents, often filled with exclusions, exceptions and exclusions of the exceptions. That’s why it’s essential to work with a trusted advisor when assessing your business’s exposures and determining the right coverage to match your business’s specific needs.
Contact Tooher-Ferraris Insurance Group today at 203.834.5900 to learn more about your CGL insurance options and to make sure you’re covered.
Predicting the Top 5 Cyber Threats in 2019
As large-scale cyber attacks continue to make headlines on a regular basis, many businesses have started to realize the importance of safeguarding their systems and data. However, hackers will keep exploiting cyber defense trends and new technology to steal valuable information and cause chaos.
Staying aware of developments in cyber security can help your business prepare an effective response plan. Credit reporting agency Experian recently released its 2019 data breach industry forecast, which predicts the five biggest cyber threats for the year:
- Biometrics—Device manufacturers like Apple, Google and Samsung have started to use biometric scanners as a more secure form of authentication. But as fingerprint and facial recognition systems become more popular, hackers will start to target servers that store biometric data.
- Digital skimming—Criminals have used skimmers to steal credit card information for decades, but hackers are looking at a digital version of this crime that can target e-commerce websites.
- Wireless carriers—Recent security tests have found that hackers can infiltrate the signaling platform that allows wireless carriers to connect to each other. As a result, hackers may be able to start a large-scale attack on a motor carrier and remotely access data on smartphones.
- Cloud vendors—Hackers have targeted cloud computing systems before, but mostly focus on individual businesses instead of the service providers. If a large cloud vendor is attacked, it could expose data from thousands of businesses that assumed their data was safe.
- Gaming—Nearly a quarter of the world’s population play games, according to Experian. And since games require downloading third-party software and setting up anonymous accounts, hackers can easily infiltrate systems to install malware or steal financial information.