This article was first published in the IIB Bulletin, Vol 2, Issue 2, pp4-6
Mr. Sushant Sarin is the Senior Vice President- Commercial Lines,
at Tata AIG General Insurance Co. Ltd. In this capacity, he is responsible for
profitably growing the Commercial Lines business of Tata AIG, leading its major
and corporate accounts practices and overseeing its broking and commercial
agency distribution.
Under Sarin’s
stewardship Tata AIG has been the leading Liabilities insurer for India Inc.
Sarin helped set up Tata AIG’s operations and as part of the start-up team one
of his assignments was to help bring to India Inc. the latest liability insurance
products used by industry world over.
A practicing Fellow of
the Insurance Institute of India, Sarin has close to 25 years of experience in
the General Insurance Industry. Prior to Tata AIG, he worked in various
capacities with United India Insurance Co.
Sarin is a graduate in
Science from St. John’s College and holds a Post Graduate Diploma in Management
& Marketing. His interests include long distance running, reading and
dramatics. He is currently reading “Miles to Run Before I Sleep” by Sumedha
Mahajan (Rupa Publictions, 2015).
In a conversation with Dr. Nupur Pavan Bang of the Insurance
Information Bureau of India, Sarin talks about the Unconventional Insurance
products which have gained significance in recent years due to the Social,
Regulatory, Technological and Environmental changes taking place globally and
in India, the challenges posed to the Insurers while selling such products and
while assessing losses.
An ASSOCHAM-Mahindra SSG study earlier this year warned that the number
of Cyber crime cases in India could rise to more than 3,00,000 cases in 2015,
growing at a compounded annual growth rate (CAGR) of about 107 per cent. In
such a scenario, Cyber Liability Insurance must gain importance. Is the growth
in volume (in terms of Gross Written Premiums) of Cyber Liability Insurance
products for the Insurance Industry, keeping pace with the increased number of
crimes?
Cyber Liability Insurance
is becoming very important nowadays, especially in the backdrop of rising
number of instances of cyber crime and cyber data breaches. Its growth in terms
of both premium as well as the number of policies being purchased has been
remarkable.
At Tata AIG, we
launched this product about two years back and the portfolio has grown to $2
million now. We see that more and more companies are buying Cyber Liability
Insurance. Those companies which were the first movers are buying more cover
and those who have not bought it yet, will start buying it.
However, when a client
is looking to buy a Cyber Liability Insurance, he is buying something quite
advanced and sophisticated. Tata AIG has the customers’ confidence in this
product and the market share is tilted in its favour.
As you mentioned, Cyber Liability Insurance is quite advanced and
sophisticated. How does a customer know what is the amount of Insurance or
“Limit of Liability” that they would like to avail of?
Cyber Liability and Cyber
Crime are often, though inaccurately, used as synonyms. Cyber crime refers to
any crime committed using computers or over computer networks. When we think of
cyber crime, we unwittingly limit our thinking to only those crimes committed
using computers or over computer networks, that are related to theft and
robbery of money or securities.
However, confidential data or personally
sensitive information such as that related to customers’ passwords for
financial transactions, bank account numbers, confidential medical records,
etc. are also very valuable and theft of such data or information can have dire
consequences for a company or an individual.
For example, for a
Bank, if someone accesses data of a Bank’s customers in an unauthorized manner,
he can get into the account of any bank customer and do whatever he wants to do
with the money lying in the account.
So information or data
is very valuable. That’s why insurance
for financial consequences of data breach, that is, Cyber Liability
Insurance, becomes important.
Coming to how do
companies know what should be the Limit of Liability for which they should buy
insurance, this depends upon factors like the type and volume of data, origin
of data, location where the data resides, sensitivity of the data, data
security protocols, peer group benchmarking, etc.
So if the data
originates from Europe or the US, the data privacy laws are stricter there, so
more Insurance will be required. Similarly, if the data is personally sensitive
or creates financial vulnerabilities, the amount of Insurance required will be
much more.
How does the Insurance Company assess the loss if a data breach does
happen? What are the kinds of losses that are covered by such a policy?
When money is stolen,
like in the case of a recent event where a Bank discovered a fraud to the tune of
a few Crores of Rupees due to fabricated credit cards, the amount of loss
suffered is a straight forward calculation and this amount will be paid by an Insurance
Company if the Bank has a policy covering such fraud.
However, a data breach
is more complex. Cyber crime which results in a data breach may typically get
discovered much later than a cyber crime where a specific amount of money is
stolen. When it does get discovered, the following issues confront the company
and lead to costs, expenses, fines, penalties and liability being incurred by
the company:
- How did the data go out? Forensic investigation would
need to be done and it is very expensive
- Cost of notifying the customers, that is, data
subjects, about the breach; notification costs form a very large part of the
financial costs following a data breach
- Regulatory bodies may impose a fine or penalty;
the policy pays for these if these are insurable under law
- Customers or data subjects may sue the company. Courts
may awards damages to be paid to each of the affected customers
- Reputation loss- a public relations expert may
need to be hired to salvage the reputation of the Company and / or its Data
Security Officer
The policy covers
these and other financial consequences. The
total of these losses is the amount payable under the policy.
The year 2015 saw bans on popular food products in India. For a company,
when operating in a country like India, where the regulations at times may
border on being in grey, rather than black or white, Product Liability
Insurance becomes important. What are the main features of such a policy?
A lot of awareness has been created in recent
times about product safety and quality and of Contaminated Product Insurance as a related risk mitigation measure.
Product recall is very generic Insurance Policy. A product can be recalled for
any number of reasons. It could be defective or dangerous or any other reason. Contaminated
product insurance is a policy specifically created for products which are for consumption
by people as consumption by human beings poses a high degree of risk if the
product is unsafe or harmful. The policy covers the cost of recall, cost of
additional warehousing, extra manpower, disposing of extra packaging and point of
sale material, cost of engaging with a Public Relations agency to undo the
damage to reputation and brand to re-establish market share, loss of profits
because of business interruption following the incidence of contamination, malicious
product tampering and product extortion etc.
What if the policyholder (Company) doesn't disclose that a certain
product is contaminated? Will the Insurance Company still be liable to pay the
claims?
Insurance policies are
for fortuitous /accidental events even if caused due to negligence. Intentional
or known defects are not covered.
Directors’ and Officers’ (D & O) Liability Insurance is another
product which should have picked up in 2015. With cases of harassment in work
places on the rise and complaints on high profile executives grabbing the media
attention, are more and more companies opting for D & O Liability
Insurance?
D & O Liability
Insurance is no more an option. Everyone is buying it. No company is secure
till they buy a cover protecting management against personal liability for
managerial actions.
Is loss of a company’s CEO covered under an insurance policy?
For this, we must
consider two different types of insurance products that deal with two very different
types of exigencies.
One type of policy
which is popular is Key Man Insurance.
Such policies are sold by Life Insurance companies and are generally taken by a
company on the life of key employees to cover the company from the sudden loss
of a ‘Key Man’ that results in financial loss to the company.
As far as a D & O
policy goes, it would protect the directors and officers of a Company if the
company were to lose a dynamic successful CEO to say, competition. The
profitability of the company and hence the share prices could take a beating.
The shareholders may sue the Board of the company for not doing enough to
retain the CEO and may demand compensation for their losses. D & O
Liability Insurance would come into play here.
How does the Insurer price D & O Liability Insurance? What are the
factors that are accounted for when underwriting and pricing the product?
It is the collective
outcome of many factors like the performance track record of a company, its
asset size, whether the company is listed or not, if listed whether the listing
is in India or abroad, say US or UK, compliance record, disclosure standards, the
nature of business, the nationality and profile of employees, etc.
Insurance is mainly meant to mitigate the losses that a
company/individual may face if certain events happen. If we go by this
definition of Insurance, then many Multinational companies operating in India
may want to buy a cover for Tax related risks. Is there a product in the market
which covers Tax risks?
Talking of tax levies
in general, tax is levied by law. If tax that is to be levied is not deducted,
collected or paid, whenever it is detected, it will have to be paid. There is
no fortuitousness about it. However, when there is a transaction like a merger
or an acquisition happening, the tax position under law may not be clear. If the
law is not clear, for such very limited situations, Tax Indemnity Insurance is
available. It is by its nature a customized policy. Very few insurers have the capability
to write such policies.
What is the recourse for companies which are faced with retrospective
taxes being levied on them? Tax risk is certainly not something that any of
these companies would like to carry themselves.
Other than insurance
for the limited situations where the tax position in a transaction may not be
very clear, there are no blanket or omnibus tax insurance policies. Retrospective
changes in laws will not be covered by Insurance.
Ace investor Mr. Rakesh Jhunjhunwala, in an interview to CNBC TV-18,
earlier this year, expressed his concerns about the valuation of e-commerce
companies in India. In the recent past, there have been more voices expressing
concerns about the high valuations of the e-commerce start-ups and it is being
likened to the Dot Com Bubble of 2000. If there indeed is a bubble, and it
bursts, the Venture Capitalists (VCs) and Angel Investors (AIs) would be the
ones to lose maximum money. In such a scenario, do see a need/demand for a
product to cover the risks being faced by VCs and AIs?
VCs and the AIs do a
lot of due diligence before they invest. Arriving at a reasonable valuation is
part of their business and they must take that risk. But if the due diligence
is not done appropriately, and limited partners lose money because of the
negligence of general partners, professional indemnity insurance coverage under
the VC Protector policy will be useful.