This article was first published in the IIB Bulletin, Vol 2, Issue 2, pp4-6
Mr. Sushant Sarin is the Senior Vice President- Commercial Lines, at Tata AIG General Insurance Co. Ltd. In this capacity, he is responsible for profitably growing the Commercial Lines business of Tata AIG, leading its major and corporate accounts practices and overseeing its broking and commercial agency distribution.
Under Sarin’s stewardship Tata AIG has been the leading Liabilities insurer for India Inc. Sarin helped set up Tata AIG’s operations and as part of the start-up team one of his assignments was to help bring to India Inc. the latest liability insurance products used by industry world over.
A practicing Fellow of the Insurance Institute of India, Sarin has close to 25 years of experience in the General Insurance Industry. Prior to Tata AIG, he worked in various capacities with United India Insurance Co.
Sarin is a graduate in Science from St. John’s College and holds a Post Graduate Diploma in Management & Marketing. His interests include long distance running, reading and dramatics. He is currently reading “Miles to Run Before I Sleep” by Sumedha Mahajan (Rupa Publictions, 2015).
In a conversation with Dr. Nupur Pavan Bang of the Insurance Information Bureau of India, Sarin talks about the Unconventional Insurance products which have gained significance in recent years due to the Social, Regulatory, Technological and Environmental changes taking place globally and in India, the challenges posed to the Insurers while selling such products and while assessing losses.
An ASSOCHAM-Mahindra SSG study earlier this year warned that the number of Cyber crime cases in India could rise to more than 3,00,000 cases in 2015, growing at a compounded annual growth rate (CAGR) of about 107 per cent. In such a scenario, Cyber Liability Insurance must gain importance. Is the growth in volume (in terms of Gross Written Premiums) of Cyber Liability Insurance products for the Insurance Industry, keeping pace with the increased number of crimes?
Cyber Liability Insurance is becoming very important nowadays, especially in the backdrop of rising number of instances of cyber crime and cyber data breaches. Its growth in terms of both premium as well as the number of policies being purchased has been remarkable.
At Tata AIG, we launched this product about two years back and the portfolio has grown to $2 million now. We see that more and more companies are buying Cyber Liability Insurance. Those companies which were the first movers are buying more cover and those who have not bought it yet, will start buying it.
However, when a client is looking to buy a Cyber Liability Insurance, he is buying something quite advanced and sophisticated. Tata AIG has the customers’ confidence in this product and the market share is tilted in its favour.
As you mentioned, Cyber Liability Insurance is quite advanced and sophisticated. How does a customer know what is the amount of Insurance or “Limit of Liability” that they would like to avail of?
Cyber Liability and Cyber Crime are often, though inaccurately, used as synonyms. Cyber crime refers to any crime committed using computers or over computer networks. When we think of cyber crime, we unwittingly limit our thinking to only those crimes committed using computers or over computer networks, that are related to theft and robbery of money or securities. However, confidential data or personally sensitive information such as that related to customers’ passwords for financial transactions, bank account numbers, confidential medical records, etc. are also very valuable and theft of such data or information can have dire consequences for a company or an individual.
For example, for a Bank, if someone accesses data of a Bank’s customers in an unauthorized manner, he can get into the account of any bank customer and do whatever he wants to do with the money lying in the account.
So information or data is very valuable. That’s why insurance for financial consequences of data breach, that is, Cyber Liability Insurance, becomes important.
Coming to how do companies know what should be the Limit of Liability for which they should buy insurance, this depends upon factors like the type and volume of data, origin of data, location where the data resides, sensitivity of the data, data security protocols, peer group benchmarking, etc.
So if the data originates from Europe or the US, the data privacy laws are stricter there, so more Insurance will be required. Similarly, if the data is personally sensitive or creates financial vulnerabilities, the amount of Insurance required will be much more.
How does the Insurance Company assess the loss if a data breach does happen? What are the kinds of losses that are covered by such a policy?
When money is stolen, like in the case of a recent event where a Bank discovered a fraud to the tune of a few Crores of Rupees due to fabricated credit cards, the amount of loss suffered is a straight forward calculation and this amount will be paid by an Insurance Company if the Bank has a policy covering such fraud.
However, a data breach is more complex. Cyber crime which results in a data breach may typically get discovered much later than a cyber crime where a specific amount of money is stolen. When it does get discovered, the following issues confront the company and lead to costs, expenses, fines, penalties and liability being incurred by the company:
- How did the data go out? Forensic investigation would need to be done and it is very expensive
- Cost of notifying the customers, that is, data subjects, about the breach; notification costs form a very large part of the financial costs following a data breach
- Regulatory bodies may impose a fine or penalty; the policy pays for these if these are insurable under law
- Customers or data subjects may sue the company. Courts may awards damages to be paid to each of the affected customers
- Reputation loss- a public relations expert may need to be hired to salvage the reputation of the Company and / or its Data Security Officer
The policy covers these and other financial consequences. The total of these losses is the amount payable under the policy.
The year 2015 saw bans on popular food products in India. For a company, when operating in a country like India, where the regulations at times may border on being in grey, rather than black or white, Product Liability Insurance becomes important. What are the main features of such a policy?
A lot of awareness has been created in recent times about product safety and quality and of Contaminated Product Insurance as a related risk mitigation measure. Product recall is very generic Insurance Policy. A product can be recalled for any number of reasons. It could be defective or dangerous or any other reason. Contaminated product insurance is a policy specifically created for products which are for consumption by people as consumption by human beings poses a high degree of risk if the product is unsafe or harmful. The policy covers the cost of recall, cost of additional warehousing, extra manpower, disposing of extra packaging and point of sale material, cost of engaging with a Public Relations agency to undo the damage to reputation and brand to re-establish market share, loss of profits because of business interruption following the incidence of contamination, malicious product tampering and product extortion etc.
What if the policyholder (Company) doesn't disclose that a certain product is contaminated? Will the Insurance Company still be liable to pay the claims?
Insurance policies are for fortuitous /accidental events even if caused due to negligence. Intentional or known defects are not covered.
Directors’ and Officers’ (D & O) Liability Insurance is another product which should have picked up in 2015. With cases of harassment in work places on the rise and complaints on high profile executives grabbing the media attention, are more and more companies opting for D & O Liability Insurance?
D & O Liability Insurance is no more an option. Everyone is buying it. No company is secure till they buy a cover protecting management against personal liability for managerial actions.
Is loss of a company’s CEO covered under an insurance policy?
For this, we must consider two different types of insurance products that deal with two very different types of exigencies.
One type of policy which is popular is Key Man Insurance. Such policies are sold by Life Insurance companies and are generally taken by a company on the life of key employees to cover the company from the sudden loss of a ‘Key Man’ that results in financial loss to the company.
As far as a D & O policy goes, it would protect the directors and officers of a Company if the company were to lose a dynamic successful CEO to say, competition. The profitability of the company and hence the share prices could take a beating. The shareholders may sue the Board of the company for not doing enough to retain the CEO and may demand compensation for their losses. D & O Liability Insurance would come into play here.
How does the Insurer price D & O Liability Insurance? What are the factors that are accounted for when underwriting and pricing the product?
It is the collective outcome of many factors like the performance track record of a company, its asset size, whether the company is listed or not, if listed whether the listing is in India or abroad, say US or UK, compliance record, disclosure standards, the nature of business, the nationality and profile of employees, etc.
Insurance is mainly meant to mitigate the losses that a company/individual may face if certain events happen. If we go by this definition of Insurance, then many Multinational companies operating in India may want to buy a cover for Tax related risks. Is there a product in the market which covers Tax risks?
Talking of tax levies in general, tax is levied by law. If tax that is to be levied is not deducted, collected or paid, whenever it is detected, it will have to be paid. There is no fortuitousness about it. However, when there is a transaction like a merger or an acquisition happening, the tax position under law may not be clear. If the law is not clear, for such very limited situations, Tax Indemnity Insurance is available. It is by its nature a customized policy. Very few insurers have the capability to write such policies.
What is the recourse for companies which are faced with retrospective taxes being levied on them? Tax risk is certainly not something that any of these companies would like to carry themselves.
Other than insurance for the limited situations where the tax position in a transaction may not be very clear, there are no blanket or omnibus tax insurance policies. Retrospective changes in laws will not be covered by Insurance.
Ace investor Mr. Rakesh Jhunjhunwala, in an interview to CNBC TV-18, earlier this year, expressed his concerns about the valuation of e-commerce companies in India. In the recent past, there have been more voices expressing concerns about the high valuations of the e-commerce start-ups and it is being likened to the Dot Com Bubble of 2000. If there indeed is a bubble, and it bursts, the Venture Capitalists (VCs) and Angel Investors (AIs) would be the ones to lose maximum money. In such a scenario, do see a need/demand for a product to cover the risks being faced by VCs and AIs?
VCs and the AIs do a lot of due diligence before they invest. Arriving at a reasonable valuation is part of their business and they must take that risk. But if the due diligence is not done appropriately, and limited partners lose money because of the negligence of general partners, professional indemnity insurance coverage under the VC Protector policy will be useful.