Welcome to our newest publication, The Robins Kaplan Insurance Insight. Our goal is to deliver practical content to help you navigate the current challenges and latest developments in the insurance industry. This newsletter is curated by the women of Robins Kaplan with the goal of celebrating women in the profession and exploring topics of general interest in the insurance field. Whether you are in-house counsel, a broker, a claims adjuster, or anyone else in the industry, we hope that you find our newsletter interesting and informative. Thank you and enjoy!

Drones: The FAA's Efforts for Timely Integration into Society

Watching the Jetsons cartoon as children, many of us no doubt wondered what our future would hold as a civilization – asking ourselves whether we would be traveling in flying cars, using jetpacks, or otherwise.

That future is arriving, and at a speed that none of us could have predicted or controlled.  For example, more than 2,000 drones are being registered with the Federal Aviation Administration (“FAA”) every single day.¹  That is over 550,000 registrations in the first nine months of 2016 and potentially over 2.6 million drones by the year 2020.²  The FAA forecasts that these staggering numbers will only grow as society further embraces the drone technology, especially since the FAA has recently allowed commercial drones users to apply for waivers of certain restrictions, such as nighttime operations, operations over people, and/or operations beyond the visual line-of-sight.³

For example, insurers are now using drones to adjust losses.  Likewise, insurance policies covering drones and potential liability for drones are established products separate and apart from standard all risk policies.

While no one wishes to stifle innovation and advancement, we need to ask ourselves how we can embrace this entirely new technology while accounting for inherent safety and novel legal concerns.  The Jetsons used jetpacks to greatly simplify and add convenience to their lives.  Drones will undoubtedly do the same.  However, unlike the Jetsons, we have to account for the practical problems that arise from living in a society that seeks to embrace such a technology. 

For example, what happens if millions of drones are used at the same time within the same airspace?  The FAA is seeking to tackle this puzzling question, among others, by creating a Drone Advisory Committee (“DAC”), which will solicit advice from stakeholders in the community by identifying regulatory priorities and structure for commercial users while simultaneously promoting innovation, safety, efficiency, and rapid integration of drones into the National Airspace System.⁴

Specifically, during their inaugural meeting in September 2016, the DAC – whose members include Amazon Prime Air, American Airlines, and General Atomic Aeronautical Systems, to name a few⁵ – reviewed a detailed survey just completed regarding drone user expectations and concerns across the different industries.  The results, which highlighted safety and collision avoidance as top concerns, structured the DACs efforts and priorities for the upcoming year.⁶

And while the DAC’s efforts are not focused on the insurance industry, its efforts will have a significant impact on insurers.

For example, because there are no minimum standards or thresholds governing the airworthiness of a drone; no interoperability standards for drones within the same airspace; and no minimum performance standards for users (other than the very general operating rules provided by statute),⁷ insurance policies covering drones and potential liability for drones currently stand as fairly risky products for insurers.  All the unknowns simply make the calculation of risks exceedingly difficult. 

Luckily, the DAC seeks to rapidly address these concerns by not only (1) establishing criteria for developing, testing, and certifying the software and hardware used by commercial drones, but also (2) creating minimum operational performance standards for communicating, navigating, and/or conducting surveillance by drone operators.⁸  Because the number of commercial drones is expected to rapidly increase, the DAC also plans to establish standards where necessary to ensure that many drones can operate at the same time in shared airspace.⁹  Taken together, these minimum standards will bring much needed clarity to assessing the risk of drone policies, much of which still remains amorphous and unknown.

The other major impact the DAC’s efforts will have on the insurance industry is on (1) the adjustment of claims on existing policies, and (2) the assessment of risk, relating to real property.  Traditionally, claim professionals have had to climb ladders to inspect roofs and other elevated structures.  Likewise, measurements had to be taken manually. 

The introduction of drones has improved the customer experience by expediting inspections, payments, and (thus) repairs – allowing insureds to get back on their feet much quicker.  Moreover, because drones can now capture visual imagery using geospatial and satellite technology, insurers can now automatically calculate the measurements of relevant property, such as a roof, without resorting to manual measurement.

The DAC’s efforts will undoubtedly improve the claim adjustment and risk assessment processes even further by establishing a concept of operations for drones flown beyond the visual line-of-sight.¹⁰  A concept of operations, once established, is a precursor for autonomous operations, which will effectively eliminate the need for control or even presence by a claim professional during drone operations.¹¹  This futuristic technology is already being leveraged by retailers, such as Amazon Prime Air, who recently completed its first autonomous drone delivery in England – taking only thirteen minutes to deliver a package following online ordering.¹²  Such leaps in efficiency and expediency can likewise benefit the insurance industry.

At the end of the day, the technology of tomorrow is already taking root at a pace much quicker than most of us imagined.  And while there are still many unanswered questions on how drones will impact us, the FAA and DAC are facing these issues head-on, setting lofty goals for a timely, but safe, integration of drones into our everyday lives.  Like the society of the Jetsons, who figured out how to use flying cars and jetpacks to greatly simplify and add convenience to their lives, we too need to solve the puzzle of innovation and advancement so that we can enjoy the benefits of living in a futuristic society.

¹ Drone Advisory Committee Public Meeting: PPT Presentation, RTCA, Inc. at p. 11 (Sept. 16, 2016), available at http://www.rtca.org/content.asp?pl=33&sl=216&contentid=216.

² Id. at pp. 11-12.

³ See 14 C.F.R. § 107, et seq.; see also Drone Advisory Committee Public Meeting: PPT Presentation, RTCA, Inc. at p. 32 (stating that the top three waiver requests received by applicants related to daylight operations, operations over people, and operations beyond the visual line-of-sight).

⁴ Terms of Reference: Drone Advisory Committee (DAC), RTCA, Inc. at p. 1 (Sept. 1, 2016), available at http://www.rtca.org/content.asp?pl=33&sl=216&contentid=216.

⁵ Drone Advisory Committee Membership, RTCA, Inc. at p. 1 (Aug. 31, 2016), available at http://www.rtca.org/content.asp?pl=33&sl=216&contentid=216.

⁶ Drone Advisory Committee Public Meeting: PPT Presentation, at p. 22.

⁷ See 14 C.F.R. § 107, et seq.

⁸ Drone Advisory Committee Public Meeting: PPT Presentation, at pp. 25-31; DAC Meeting September 16, 2016 Meeting Minutes, RTCA, Inc. at pp. 4-7 (Sept. 16, 2016), available at http://www.rtca.org/content.asp?pl=33&sl=216&contentid=216.

⁹ DAC Meeting September 16, 2016 Meeting Minutes, at p. 6.

¹⁰ Drone Advisory Committee Public Meeting: PPT Presentation, at pp. 25-31; DAC Meeting September 16, 2016 Meeting Minutes, at pp. 4-7.

¹¹ Drone Advisory Committee Public Meeting: PPT Presentation, at p. 30.

¹² Nathan Ingraham, Amazon Completes Its First Drone-Powered Delivery, Engadget (Dec. 14, 2016), available at https://www.engadget.com/2016/12/14/amazon-completes-its-first-drone-powered-delivery/.

Insurance Class Actions: Avoiding Pitfalls and Mitigating Risks

Historically, class actions have been somewhat rare in the insurance world because most  insurance claims are highly fact dependent. For instance, if an insured challenges the factual basis for an insurer’s denial of coverage and wins, that ruling is not likely to have ramifications to the insurer beyond that particular case unless those particular facts are common to a number of insureds. But there are several instances where insurers can find themselves vulnerable to class actions; and with increasing use of technology to standardize claims and underwriting decisions, insurers are more exposed than ever to the potential for class action suits.

Class Action 101: 

There are generally two ways to defeat a class action case—(1) defeat it on liability or, more often, (2) defeat class certification. If class certification is denied, the case technically continues as an individual case. But as a practical matter, the potential exposure of the individual case is so much less than if the class were certified that the case can often be resolved quickly. One of the best ways to defeat class certification is by showing that the individualized issues in the case predominate over common ones. A class can only be certified under Fed. R. Civ. P. 23(b)(3)—the relevant provision if damages are sought—if “the court finds that the questions of law or fact common to class members predominate over any questions affecting only individual members, and that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Thus, if the issue is one that will be decided on the unique, individual facts of a particular case, it is not likely  susceptible to a class action. But if the key liability question rests upon a question of law or a common set of facts, the issue could be fertile ground for plaintiffs’ counsel to bring a class action on behalf of all insureds affected by the issue.

Legal interpretations of policy provisions.  

The insurance field often has standardized language that is repeatedly used in tens of thousands of insurance policies throughout the country. If a court interprets a policy provision as a matter of law in favor of the insured in a given case, the risk for follow-on class actions against the insurer increases. This was true of the wave of class actions involving the “Three Trade Rule,” where courts ruled that insurers offering replacement cost property coverage were obligated to pay GCOP (general conditions, overhead, and profit) whenever a repair was expected to involve at least three construction “trades.”  Thus, whenever there is a broad and new legal interpretation of standard policy terms, an insurer may face pressure to follow that new and insured-friendly interpretation going forward for future claims in that jurisdiction (or clarify or change the language of the policy), and it could be subject to a class action by all of those insureds who had claims denied based on the decision rejecting the traditional more insurer-friendly interpretation. All it would take would be one insured who, within the statute of limitations, was denied coverage based on the insurer-friendly interpretation to follow that new and insured-friendly interpretation going forward for future claims (or clarify or change the language of the policy) to bring suit individually and on behalf of all those “similarly situated” seeking to use issue preclusion affirmatively and you could be facing significant exposure. Further, a cascade effect could be triggered for any other insurers that also use the same standard policy language and apply the same standard legal interpretation.

Liability based on a common set of facts.

Another way that insurers can find themselves in the crosshairs of the class-action plaintiffs’ bar is by having policies or practices that treat a group of insureds identically and in a way that is arguably a breach of a policy or a violation of a statute. For instance, a California court recently granted declaratory relief in favor of a class that alleged an improper use of a depreciation guide that applied straight line depreciation to like-new property in violation of the California Insurance Code. Currently, at least one insurer is facing a class action lawsuit for erroneously calculating rebates required under the Affordable Care Act. Another insurer is facing a class action by denying coverage for wildfire smoke damage where the plaintiff alleges the insurer failed to provide adequate notice of a sublimit that was added to the policy. If the class plaintiffs in these cases are successful in convincing a judge that the common questions predominate over individual ones, in addition to the other class action requirements, the plaintiff’s individual case, could turn into a much more complex and financially significant case.

Mitigating the Risks. 

When faced with what seems like a routine coverage dispute, consider whether the dispute, if litigated to an ultimate judgment, could become a basis on which to bring a class action. To minimize class action risk, think strategically about whether to allow a court to rule on a legal interpretation of a policy provision that could have negative repercussions far beyond that individual case. You might be far better off settling on an individual basis rather than risking a bad ruling that could make you vulnerable to claims from a class of everyone denied coverage on the same basis.

Similarly, if an insured complains about an issue that would apply uniformly across a large group of insureds, evaluate it carefully and if remedial action is required, act quickly. If a mistake was made, like miscalculating a rebate or depreciation for instance, be sure to fix it immediately. If the insurer takes steps to affirmatively redress such a mistake, depending on the degree of remediation, it might negate the need for a class action. And if some class counsel decides to assert the case anyway, the insurer stands a strong chance of defeating the class based on the argument that a class action lawsuit is not “superior to other available methods for fairly and efficiently adjudicating the controversy,” as required by Rule 23. A insurer’s willingness to make the insureds whole again absent litigation is likely far “superior” than a class action that adds little to the mix other than a request for attorneys’ fees which could result in the insureds getting even less than they would under a more proactive, out-of-court approach.

Ultimately, the key for insurers to fend off class actions is to avoid a one size fits all approach to handling insurance claims. Counsel for insurers need keep an eye out for and evaluate all cases on their potential for creating a vehicle for a future class action and strategize accordingly.

Phishing Scam is Not Covered Computer Fraud Under Commercial Crime Policy

Adding to the limited number of appellate opinions in the cyber arena, the Fifth Circuit recently found that losses caused by a phishing scam did not trigger coverage under a commercial crime policy’s computer fraud provision. The court’s decision in Apache Corp. v. Great American Insurance Co. reinforces the need for specialized coverage for social engineering attacks.¹

What are social engineering attacks?

Social engineering attacks rely on human interaction and the scammer’s social skills to surreptitiously obtain information. Phishing scams, a type of social engineering attack, involve the use of email or malicious websites to obtain personal or corporate information. Often, the scammer assumes a trustworthy persona to solicit information and, when the target responds, the attacker uses the information to access financial accounts. Unlike traditional cyber-attacks—which exploit technology and system-based vulnerabilities—social engineering scams exploit human vulnerabilities and can be difficult to safeguard against.

According to a recent study that surveyed the impact of social engineering attacks on organizations across a wide array of industrial sectors in the United States, 60% of respondents reported that their organizations were or may have been victims of a targeted social engineering attack in the past year. Of these attacks, 65% involved compromised employee credentials and 17% involved breached financial accounts.²
 
Apache Corp. v. Great American Insurance Co.

In this coverage dispute, the Fifth Circuit interpreted a computer fraud provision—often used in the fidelity insurance industry—and concluded there was no coverage for a multi-faceted social engineering scam that did not result directly from computer use. In March 2013, an individual impersonating one of Apache’s vendors called an employee in Apache’s accounts’ payable department and instructed the employee to change the vendor’s bank account information. The Apache employee advised that a formal written request on the vendor’s letterhead was required.

A week later, the accounts’ payable department received an email from an account that was similar to the vendor’s email address. This email included as an attachment a signed letter on the vendor’s letterhead instructing Apache to change the bank account information and providing new wiring instructions. An Apache employee called the number on the vendor’s letterhead and an imposter confirmed the authenticity of the request. Apache then approved and completed the change. It deposited roughly $7 million into the phony account before discovering the fraud. Though Apache recovered a substantial portion of these funds, it lost roughly $2.4 million.

Apache brought a claim for $1.4 million, its loss after the deductible, under the Computer Fraud provision in its commercial crime policy with Great American.  
This provision provided coverage for losses:

[R]esulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

a. to a person (other than a messenger) outside those premises; or

b. to a place outside those premises.

Apache claimed its loss was covered because the phishing email directly caused the transfer of funds. Great American denied the claim, stating the “loss did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds.” The district court granted Apache’s motion for summary judgment, stating “the intervening steps of the [post-email] confirmation phone call and supervisory approval do not rise to the level of negating the email as being a ‘substantial factor.’”

The Fifth Circuit disagreed, finding that the loss did not result directly from the computer fraud and vacating the judgment for Apache. In holding that Apache’s loss did not trigger the Computer Fraud coverage, the court stated:

The email was part of the scheme; but, the email was merely incidental to the occurrence of the authorized transfer of money. To interpret the computer-fraud provision as reaching any fraudulent scheme in which an email communication was part of the process would . . . convert the computer-fraud provision to one for general fraud.

The phishing email was “but one step in Apache’s multi-step, but flawed, process that ended in its making required and authorized, very large invoice-payments, but to a fraudulent bank account.”

On November 21, 2016, the Fifth Circuit denied Apache’s motion for reconsideration without comment.³ On December 13, 2016, it denied Great American’s motion to publish the opinion without comment.⁴

Why the Opinion Matters

Technology and the methods of those who seek to exploit it are evolving faster than the industry and the courts can respond. In Apache, the court took judicial notice “that, when the policy was issued in 2012, electronic communications were, as they are now, ubiquitous, and even the line between ‘computer’ and ‘telephone’ was already blurred.” Against this backdrop, the Fifth Circuit’s decision helps provide certainty and set boundaries for the scope of computer fraud coverage—a standard provision used throughout the fidelity insurance industry. It reaffirms the original intent and scope of this coverage—to provide indemnification for fraudulent acts that are the direct result of computer use (e.g., hacking and unauthorized computer use). Apache confirms that the coverage stops short of multi-faceted social engineering schemes where email is only one component of a complex scam.

As social engineering fraud increases and continues to evolve, policyholders face an increased risk for losses that likely will not trigger coverage under computer fraud and funds transfer provisions. Apache confirms that there is a market for specialized coverage for social engineering schemes and this market will only continue to grow as all industry participants respond to ever-changing cyber security risks.   

¹ Apache Corp. v. Great Am. Ins. Co., No. 15-20499, 2016 WL 6090901, 2016 U.S. App. LEXIS 18748 (5th Cir. Oct. 18, 2016).

² AGARI DATA, INC., EMAIL SECURITY: SOCIAL ENGINEERING REPORT (Nov. 30, 2016), available at https://www.agari.com/project/report-email-security-social-engineering-survey/?pr.

³ Order on Pet. for Rehearing, Apache Corp. v. Great Am. Ins. Co., No. 15-20499 (5th Cir. Nov. 21, 2016).

⁴ Order on Mot. to Publish Opinion, Apache Corp. v. Great Am. Ins. Co., No. 15-20499 (5th Cir. Dec. 13, 2016).

Book Review - All the Single Ladies: Unmarried Women and the Rise of an Independent Nation

Rebecca Traister (March 2016, 339 pp.)

Though this book is not a step-by-step guide for success in business, it offers us the opportunity to better appreciate the barriers that women have overcome, face now and can address in the future—including those in the insurance world. Rebecca Traister’s work celebrates the social, political and economic choices available to women in the United States today, finding that they vary widely depending on education, financial status and social background. She examines some of the many factors and government policies that encourage or limit those choices, of which marriage is only one. 

The first three chapters lead into today’s issues with a review of the political, economic and social history of women in the United States since its settlement by Europeans, including major demographic changes and women’s roles in temperance, abolition, suffrage and secondary education. The balance of the book touches on various issues related to economics, balancing work and socializing, and marriage and parenting. Statistics and historical summaries mix with current politics, extensive interviews and personal anecdotes.

Ms. Traister started this book in 2009, when she and many others realized that today, only 20% of Americans are married by age 29, compared to nearly 60% in 1960. “Single” (unmarried, divorced or widowed) is becoming a more accepted norm—if not the norm—for women as well as men. It took years for Ms. Traister to explore the ramifications of her topic, which go far beyond cultural changes in the time and circumstance of marriage.

In the business world, the number of working women continues to rise, but women hold no more than 20% of leadership positions.¹ Recent studies indicate that women constitute almost half of graduating lawyers and one-third of graduating MBAs and have for some time, but only some 17% of equity partners in major law firms, 22% of Fortune 500 general counsel and 5% of Fortune 500 CEOs are female.²

In the insurance industry, studies over the last 5 years show that women fill over 75% of clerical positions, but hold only 6 percent of top executive positions, 12.5% of board seats, and 8% of inside business, legal or actuarial officer roles, such as chief actuary or division president.³  According to the U.S. Bureau of Labor, in 2015 women held 59.4% of the 2.7 million jobs in the insurance industry in the United States, but mostly at the lower and middle levels of the job pyramid. Only 1% of actuaries were women. Women have become 58.6% of underwriters, 51.2% of sales agents, 55.3% of claims adjusters, appraisers, examiners and investigators and 77.1% of claims and policy processing clerks.⁴ The disparity in pay between men and women “is greater in the finance and insurance services sector than all other industries.” ⁵ Women get only 62.2% of what men receive, compared to 82.2% in all other industries.⁶ Much of this disparity is attributed to women negotiating lower starting salaries and benefits. Unconscious gender discrimination in promotions and other rewards also contributes.⁷

Many women (and men) are working to improve the opportunities available for women and for those of diverse and low-income backgrounds in particular. Compare Chapter Six, “For Richer:  Work, Money and Independence,” with Chapter Seven, “For Poorer: Single Women and Sexism, Racism and Poverty.” The insurance industry has not lagged in offering remote access or telecommuting benefits, flexible hours and schedules, and implementing other policies that enable a better work/life balance—not just for those with family responsibilities, but for everyone. The U.S. Bureau of Labor reports that home-based work by employees of private companies increased 67% from 1997 to 2010; that trend is growing.⁸

As Ms. Traister makes clear, women with remunerative, non-physical jobs, have the most options available to them. Her work is a thoughtful, well-researched reminder to appreciate where we have been, how far we have come, and where we still need to go.

¹ See See University of Denver, Colorado Women’s College, Benchmarking Women’s Leadership in the United States (2013), available at http://womenscollege.du.edu/benchmarking-womens-leadership/; see also CIT Bank, N.A., Women in Industry: Five Fast Facts that May Surprise You! (Oct. 13, 2016), available at https://www.cit.com/blog/women-in-business-facts/?cmp=paidsearch&gclid=CJStoJfF8dACFQ13fgodjRsA1w&jcpid=8a8ae4cd58215cb401582e930282464f&jsf=e2caf1cd-81ee-4f7e-9552-105fdadb194b:35584.

² E.g., Pew Research Center, Women and Leadership: Public Says Women are Equally Qualified, but Barriers Persist (Jan. 14, 2015), available at http://www.pewsocialtrends.org/2015/01/14/women-and-leadership/.

³ See Laura Mazzuca Toops, Women in Insurance, PROPERTY CASUALTY 360° (Aug. 1, 2013), available at http://www.propertycasualty360.com/2013/08/01/women-in-insurance?slreturn=148122051.

⁴ See U.S. Dept. of Labor, Bureau of Labor Statistics, Labor Force Statistics from the Current Population Survey (Feb. 10, 2016), available at http://www.bls.gov/cps/cpsaat11.htm.

⁵ See Joanne Wojick, Women Have Made Gains in the Insurance Industry, but Challenges Remain, BUSINESS INSURANCE (Dec. 1, 2013), available at http://www.businessinsurance.com/article/20131201/NEWS04/312019991.

⁶ Id.

⁷ See Pew Research Center, Gender and Leadership Dataset (Mar. 25, 2016), available at http://www.pewsocialtrends.org/2016/03/25/gender-and-leadership/.

⁸ See Insurance Information Institute, Careers and Employment: Insurance Industry Employment (2015), available at http://www.iii.org/fact-statistic/careers-and-employment.