The obligation to secure your opponent's data in the age of hacking
Hacking, corporate espionage and data breaches are on the rise around the globe.
In this update we feature the latest edition of our quarterly magazine, Insurance focus. We report on some of EIOPA’s recent publications including the results of the 2014 insurance stress test, the third consumer trends report and the second set of consultations on Solvency II Implementing Technical Standard and Guidelines. As the Law Commission publishes it interpretation of how the duty of fair presentation might apply to multiple parties and a re-drafted clause on terms not relevant to actual loss, we provide an update on the project to reform UK insurance contract law. Finally, our insurance team in Italy reports on new rules for pensions funds, particularly in relation to conflicts of interest.
This edition of our quarterly insurance magazine, Insurance focus, includes the second part of our report on the American Law Institute’s project to reform US liability insurance law. This project has taken on greater significance following the change in title to a ‘Restatement of the Law of Liability Insurance’. Stephen Pate from our Houston office considers the effect of this change.
From our Melbourne office, Matt Ellis and Erica Leaman reflect on the shifting regulatory landscape in Australia, with a particular focus on how the Australian regulator’s approach may impact insurers underwriting add-on products.
In Europe, the Insurance Mediation Directive (now called the Insurance Distribution Directive) remains under consideration and has undergone various changes in the last six months. Laura Hodgson highlights ten key features of the proposal as it currently stands.
In our quarterly review of cases, we report on a decision of the UK Supreme Court ordering the liability insurers of a non-party solicitor to pay costs for both parties to a dispute. We also consider three new cases on business interruption insurance that address the difficulties of proving loss and adjustments under trend clauses.
Our regular feature, International focus, includes regulatory updates from France, Italy, China, Indonesia and the UK.
For further information: Insurance focus – December 2014
The Norton Rose Fulbright insurance update is changing. In the New Year we will no longer be sending out our regular emails to an insurance only mailing list but will be adding our insurance content to the Regulation tomorrow blog. All our existing recipients can ensure that they receive content from the insurance team by signing up to receive the blog posts. This way you can determine exactly what content you receive and how often. You will also benefit from the breadth of the Regulation tomorrow blog which is a single portal for all regulatory matters across different jurisdictions.
Regulation tomorrow offers a convenient resource for those keeping track of the evolving and increasingly complex global financial services regulatory environment. It reports on financial services regulatory developments and provides insight and commentary across Australia, Canada, the UK and Europe and the United States. With topics ranging from banking and capital adequacy regulation, clearing and settlement, anti-money laundering, insurance, regulation and compliance, retail and wholesale conduct and securities regulation.
We have a leading reputation in the global market for advising on complex financial services regulatory matters, drawing on the strength of our financial services and insurance lawyers throughout Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia. With blog postings from our international team we ensure that you are on top of the latest developments.
To stay in the loop with insurance developments and insights from Norton Rose Fulbright please subscribe:
Remember we will no longer be sending out our regular content in the New Year so please sign up if you are interested in receiving blog posts.
Last week, the European Insurance and Occupational Pensions Authority (EIOPA) published 18 reports containing the final version of the majority of the first set of guidelines required under the Solvency II Directive. EIOPA expects that the comply-or-explain procedure relating to these guidelines will run from February 2015 to March 2015.
EIOPA also issued 16 consultations relating to the second set of draft Implementing Technical Standards (ITS) and Guidelines required under Solvency II. Guidelines on third country branches and on technical advice relating to regulatory technical standards (RTS) on recovery plans and finance schemes were also published. Responses to the consultations are requested by March 2, 2015, with the exception of the consultation on the technical advice for which responses are requested by February 18, 2015.
EIOPA has issued its third consumer trends report providing an overview of the insurance and pensions markets in terms of consumer detriment, mainly from the perspective of national supervisory authorities (NSAs). Although the report does not aim to provide a complete picture of all consumer risks, the main trends can be summarised as follows:
EIOPA suggests that some of these trends may warrant further investigation from a consumer protection perspective. This report is intended to be used in the identification of key consumer protection issues and used to inform the future work of EIOPA and NSAs.
For further information:
EIOPA has published a report setting out the results of its 2014 EU-wide insurance stress test. The exercise aimed to test the overall resilience of the insurance sector and identify its major vulnerabilities and consisted of two elements: a core stress module focussed on group results covering asset price stresses and insurance specific stresses; and a low yield module at individual level focusing specifically on the impact of low interest rates.
A total of 167 insurance groups and individual undertakings representing 55 per cent of gross written premium for the EU market participated in the core stress test module. A total of 225 undertakings representing 60 per cent of gross technical provisions participated in the low yield module. Participation was sufficiently representative to be able to draw inferences of a systemic nature. Insurance undertakings estimated a baseline scenario using the Solvency II regime, without internal models. In addition, undertakings tested a number of severe macro-economic and insurance specific shocks, including a prolonged period of low yields and a sudden reverse in interest rates.
In summary, the results revealed that:
As a follow up to the stress test, EIOPA issued a set of recommendations to NSAs in order to address in a coordinated way the identified vulnerabilities. NSAs are recommended to engage in a rigourous assessment of the firms’ Solvency II preparedness, in particular regarding the situations where capital increases and/or balance sheet management actions will be needed.
For further information:
The Law Commission of England and Wales has published a note which provides an interpretation of how the duty of fair presentation included in the Insurance Bill 2014 might apply where an insurance policy covers more than one party or legal entity.
The duty to make a fair presentation of the risk applies to an insured. Importantly, however, the right to claim under a policy may (depending on the drafting) extend beyond the policyholder to named insureds or ‘covered parties’. Where there is a non-disclosure that is deliberate or reckless the contract can be avoided. If the non-disclosure is not deliberate or reckless the remedy available to the insurer will be based on what the insurer would have done had it received a fair presentation.
The Law Commission reminds interested parties that, as under the existing law, where a policy covers a joint interest under which the parties share the rights and obligations of the contract, a failure to make a fair presentation of the risk by one will result in the remedies (whether avoidance or a lesser remedy) being applied to all the joint insureds.
Where the interests in the policy are considered to be severable (in other words construed as a bundle of separate contracts or different ‘slices’ of a severable agreement), the remedy for failing to make a fair presentation will be applied only to the liable party.
The Law Commission also identifies a third category of interest, where the policy is drafted between the insurer and a single insured, for example a parent company, but provides that various third parties will have the benefit of the cover (for example, every employee of each subsidiary or even of subsidiaries of subsidiaries). In these circumstances it becomes increasingly difficult to ascertain the scope of the duty to make a fair presentation of the risks being covered. There is currently no authority on how the existing requirements of the Marine Insurance Act 1906 apply in such circumstances. The Act does not state that each covered party is required to disclose, only that the prospective insured should. If the covered party seeks to later claim under the policy, however, the insurer may be able to use a defence available against them ‘which would have been available’ had the covered person been an insured under the contract. This will be limited to circumstances where the Contract (Rights of Third Parties) Act 1999 applies (although in most cases, insurance policies exclude the application of this Act).
The Law Commission is ‘confident’ that specific wording in the Insurance Bill to deal with covered persons is not required. The requirement upon the insured to make a reasonable search of information in order to make a fair presentation of the risk extends to making a search of information held in the insured’s own organisation and held by others. This would therefore require a parent company to make a reasonable search of all the information available on those who will be included under the policy as ‘covered persons’. What is reasonable will be fact specific. The requirement under the Bill is to disclose circumstances which ‘ought reasonably to have been revealed’. The Law Commission notes that this is a pragmatic test. If a covered party has unreasonably failed to make available important information, the duty to make a fair presentation will be breached by the insured.
Why does this matter? Frequently parent companies take out insurance to cover group risks. Knowing the effect of the drafting (as either joint, several or as a single insured for covered parties) will affect the scope of any diligence taken in relation to arranging cover. Although reassuring that the Law Commission takes a pragmatic view on how far a parent company should extend its reasonable search of information needed to make a fair presentation, the note is obviously not binding on the courts. Firms therefore will need to pay careful attention to how they scope risk diligence and ensure that they record their decision making in relation to what information they are seeking from group companies in relation to coverage.
Clause 11 of the Law Commission’s draft Insurance Bill (not included in the version of the Bill currently being considered before Parliament) attempts to limit the insurer’s ability to deny liability under a contract of insurance for a breach of a contractual term that was intended to reduce losses of a particular type or in a particular circumstance or time. An example of such a term might be a requirement to have a specific type of lock in place in order to reduce the risk of burglary. Her Majesty’s Treasury has requested that the clause be re-considered as a few stakeholders found the original drafting uncertain.
The Law Commission proposes that the re-drafted clause should attach to specific risk mitigation clauses – i.e. terms which could affect risks of a specific type of loss taking place or the risk that a particular type of loss will be greater than it might be otherwise. The clause should not be applied to clauses that reduce the risk profile of the risk as a whole (for example clauses that limit the use to which a property can be put or the geographical limits of coverage). What the clause as redrafted seeks to do is to ensure that the insurer should remain liable to pay a claim when the breach of a specific risk mitigation clause is totally irrelevant to the loss that has actually happened. However, it is for the insured to prove that the breach was irrelevant to the loss and could not have increased the risk of the loss that actually occurred happening.
So, what does this mean in practice? A good example of how the clause works is to consider the requirement that a vehicle is roadworthy. In this example the insured vehicle has a broken headlight. If the insured claims after skidding on black ice in darkness the insurer will not have to pay. The breach although not the direct cause of the loss, could potentially have contributed to the accident. However, if a claim is made after a tree falls onto the car in broad daylight, a broken headlight will have no connection to the type of loss that occurred and the insurer must pay the claim.
The Insurance Bill is currently being considered in the House of Lords. A special public bill committee has been convened in order to scrutinise the Bill. Both oral and written evidence will be heard. Once this process is completed the Bill is expected to enter the House of Commons sometime in January.
For further information:
On November 13, the Prudential Regulation Authority (PRA) sent a Dear CEO letter to general insurance firms, reminding them of their obligations to set adequate technical provisions. In the letter sent by Chris Moulder, PRA Director of General Insurance, to the Chief Executive Officers of firms, the PRA comments that some firms have chosen to lower premium rates, extend their terms and scope of cover offered or have weakened their underwriting criteria in order to remain competitive in the current market conditions.
Against this backdrop there has been a rise in claims in certain lines of business and an increase in uncertainty around reserving as a result of periodic payment orders and remaining asbestos liabilities. While the market is experiencing pressure on underwriting conditions, the PRA comments that firms are releasing a high amount of prior year reserves. The Dear CEO letter sets out the PRA’s expectations of firms to ensure that they comply with INSPRU 1.1.12R and take a robust approach to the setting of reserves and maintenance of adequate oversight of their reserving process.
For further information:
The Ministerial Decree n. 166 of 2 September 2014 (the Decree) by the Ministry of Finance was published on the Official Gazette website on November 13. The Decree adopts the criteria and investment limits applicable to pension funds as well as rules on conflicts of interest, implementing the relevant provisions of the Italian legal framework on pension funds.
The Decree is aimed at regulating the investment criteria, based on a qualitative approach to investments, applicable to pension funds, allowing for more flexibility. Most importantly, the Decree intends to provide a regulatory framework for conflicts of interest based on the guidelines established in MiFID 2004/39/CE.
The Decree applies to all pension funds operating in Italy, with certain specific exclusions on eligible assets applicable to individual insurance contracts integrating pensions (PIP) and pre-reform pension funds linked to traditional life insurance contracts, as well as to linked-policies and capital redemption operations. The rules of the Decree on eligible assets also apply to pension funds established in EU Member States operating cross-border in Italy.
Italian pension funds have 18 months to adopt adequate procedures, an organisational structure and techniques that are based on their dimension and complexity of the portfolio, the investment policy that they intend to pursue and the risks inherent in the management of the assets.
For further information please contact Nicolò Juvara.
Hacking, corporate espionage and data breaches are on the rise around the globe.
Implications for cryptocurrency trading, smart contracts and AI
Decree No. 228 of 2019 (Decree 228/2019) came into effect on 27 August 2019, which simplifies and revokes previous decrees of the Ministry of Employment (MoE) to widen the type of job titles allowed for foreign professionals to work in Indonesia.