What Insurance Coverage Is Your Association Missing?

By: Douglas R. Kelly

You already know about the importance of having insurance to cover your tradeshow, your board, and your employees. But other potential liabilities are lurking that may be critical to the health of your association.

There's a scene in the Woody Allen movie Take the Money and Run in which the main character, Virgil Starkwell, is caught trying to escape from prison. He's then sent to "the hole," an underground solitary confinement cell, with an insurance salesman. As the two climb down the ladder into the cell, the well-dressed, briefcase-toting insurance guy shakes Starkwell's hand and then tells him that the insurer has a new kind of whole-life policy that would be perfect for a convict like him.

It's laugh-out-loud stuff, but it also points up the way most people view insurance: a necessary evil, something to spend as little time and energy on as possible, usually when the subject can't be avoided. But for association executives, that approach can result in a world of hurt. If your insurance coverage makes the radar screen only when you and your colleagues are days or hours away from launching a new program or product, you've already lost precious time and opportunity.

The time to do the heavy lifting—and it's not so heavy when you have help—is now, especially when we're talking about the lower-profile, less-well-known areas of risk that can bite the unprepared association.

Beyond Low-Hanging Fruit

Many types of insurance coverage are no brainers for certain issues faced by any organization, whether for profit or nonprofit. For example, coverage for employment practice claims—failure to promote, harassment, discrimination, and so forth—is a basic safeguard against litigation that can be costly and time consuming to resolve. The same is true for event cancellation insurance; given the importance of the revenue generated by annual meetings and other conferences, most associations have this type of coverage in place.

Even with backups of the backups and the best firewall and antivirus technology, human beings are still involved, which means mistakes can be made.

But what about the loss of member data or other critical electronic files? Even with automatic and manual backups, backups of the backups, and the best firewall and antivirus technology available, human beings are still involved, which means mistakes can be made. "The traditional insurance policy does not protect the loss of that information," says Leslie White, president of Croydon Consulting in Severna Park, Maryland. "Associations often don't realize that that is an insurable risk, and there can be heavy liability that arises from that kind of loss. For example, the majority of states have identity theft laws … . If you have [an individual member's] information, and that individual's identity is compromised, such as their Social Security numbers, credit card numbers, et cetera, there are specific steps the association will have to take: notifying the individuals affected, setting up credit-score monitoring, et cetera, and that can be very expensive to do."

Putting a dollar value on your membership data or on other kinds of intellectual property can be a challenge. In essence, it comes down to replacement cost. "What would it cost you to re-create that information?" asks White. "If you lost your pool of newly revised test questions for your certification program, what would it cost you in time and energy to re-create that in the event you lost it and your backups did not work?"

Matching Risk to Coverage

Some of the risks explored here are covered by an association's insurance policies, while others are not. Following is a guide to standard types of policies and products and the risks they address. This list is not exhaustive, and some risks are addressed by more than one type of insurance product. As always, consult your insurance agent or broker for guidance and specifics.

Cyberliability insurance. Sometimes linked to media-liability coverage, cyberliability insurance offers coverage for claims of libel, slander, infringement of copyright or trademark, and so forth. It may also provide protection for the loss of electronic data and costs associated with re-creating such data.

Directors and officers liability insurance. D&O covers personal liability and financial loss incurred by executives and board members as a result of wrongful acts committed (or allegedly committed) by them in their capacities as corporate officers.

Employment practices liability insurance. Often a standard part of D&O coverage, EPLI covers allegations made by employees or former employees, which can include claims of wrongful termination, discrimination, or failure to promote, among others.

Errors and omissions liability insurance . E&O can provide coverage for an organization's certification activities as well as for exposure resulting from the setting of industry standards.

Event cancellation insurance. This kind of policy offers protection from losses incurred as a result of an event being cancelled.

Personal and advertising injury insurance. Generally found as part of other types of insurance coverage such as D&O and general liability, personal and advertising injury insurance provides coverage for areas such as libel, slander, and infringement of copyright or trademark.

An association's certification and standards programs carry other risks that may not at first be obvious. In 1993, a Washington state teenager, Shawn Meneely, dove into a neighbor's backyard swimming pool and broke his neck, leaving him paralyzed from the neck down. Meneely's attorney sued not only the manufacturer of the diving board and the builder of the pool, but the National Spa & Pool Institute as well. Because NSPI had published detailed specifications about how and where diving boards were to be installed in swimming pools, a jury decided NSPI was liable in the case and found against the association to the tune of more than $6 million.

Surprisingly, the builder who installed the diving board wasn't even a member of NSPI, nor did the builder install the unit to NSPI's specs. But the association was held liable nonetheless. The results of the lawsuit literally bankrupted NSPI, although it was eventually able to reorganize under a new name, the Association of Pool & Spa Professionals, and emerge from the bankruptcy.

Another frequently overlooked area is assumption of risk. "Associations differ from other organizations in terms of how much business they do away from their front door," says Lou Novick, president of Rockville, Maryland-based Novick Group, Inc. "They tend to sign a great number of contracts every year. That's a very distinctive issue with respect to risk management. It's not just that they're away from the insured premises … it's the contracts that underlie the business that takes place when they're away. Associations are at risk for the liability they assume under contract and very often, they don't focus on the assumption of risk. They're focused instead on the business terms, the deliverables."

An association can wind up assuming liability from its use or occupancy of a facility or location, even when that liability may not be of its own making. "Let's say an association wants to rent a convention center," says Novick, "and the center says, 'Great, we'd love to have you, but you are responsible for everybody that walks through the front door during your event.'

"Very often, association execs will sign these documents assuming that the risks they've now undertaken are transferable to their insurance company. ... In many cases, such assumption of third-party liability is not transferable."

Contract Opportunities and Online Risk

Even for smaller associations, an annual meeting or other key event will involve a number of outside vendors: IT and audiovisual technicians, tour bus operators, security personnel, and so on. It's here that potentially damaging risk can be incurred. Despite complying with the requirements of venues to be named as "additional insureds" on the association's insurance coverage, many association managers don't do the same with the vendors they hire for an event. "Getting their vendors to provide evidence of insurance coverage is one thing, but having the vendors name the association as an 'additional insured' for the duration of the event is critical for mitigating liability," says Amy Doherty, senior vice president at Aon Affinity, a managing general agent that provides insurance products to associations. "Small-staff associations have a real challenge in doing this. But even if they haven't been able to be out in front when the contract is negotiated, they should certainly have their broker look at the contracts 60, 90, 120 days before the event takes place and get some guidance. That's part of the broker's job. ... The broker gets a commission for placing insurance coverage on their behalf, so the broker should earn that commission by giving that additional service."

The role of your broker should be seen as someone who will work alongside your organization to ensure the best fit in terms of coverage.

Doherty also believes that online liability is a growing challenge for associations as they increasingly communicate electronically. A lack of precision often is the culprit with this kind of exposure. "It's what we call 'personal and advertising injury coverage' … libel, slander, defamation of character, infringement of copyright or trademark, et cetera," says Doherty. "Many directors and officers liability policies don't specify where the libel, slander, defamation of character, or infringement of copyright or trademark has to occur. ... It can occur in the cyber environment as well as in print. But policies tend to be vague."

Association managers need to be vigilant about exclusions of these risks going forward. "As claims become more developed in the cyber arena," Doherty says, "the tendency of insurance companies then is to not only provide an enhanced coverage form that addresses the risk but also to change current policy forms to exclude the risk. We're not there yet, but it's probably coming as these types of claims become more frequent and more severe."

Not-So-Heavy Lifting

There are ways to get a handle on your association's risk areas (or even your specific department's), and doing so starts with your insurance broker. It may need to begin with rethinking the role of your broker or agent. A broker makes money, of course, when he or she sells or manages insurance coverage for a client,  but it's in the broker's best interest to meet his or her clients' needs thoughtfully and professionally.

The role of your broker, therefore, can and should be seen as that of a counselor, an individual who will come alongside your organization and work with you to ensure the best fit in terms of coverage. "The insurance agent should be a trusted business advisor, similar to an organization's attorney or accounting firm," says White. "Whenever there's a question or issue, an association manager should call their agent and ask 'Is this something I should be worried about or is it no big deal?' And the agent should be able to tell them it's either an 'OMG' or 'don't sweat it, you're covered.'"

The next step is to begin the process of assessing risk. "I'm going to spend some time getting to know who they are," says Novick. "My expectation of the association executive is not that they will have the sophistication or the scholarship in risk management that you'd look for in a broker or agent. Rather, I want them be able to convey to the outside risk management advisor, 'This is who we are and this is what we do and where we go and who we do it with.'"

White wants to know the underlying causes of risk. "It's about defining an organization's risks and what the causes of those risks are. The next step is to prioritize those risks, those events, which is usually done in terms of frequency and severity. Frequency is, how often might that happen? The severity is, well, if it does happen, how bad could it be? Based on that frequency and severity, you then identify those risks that need to be addressed first." (For more information on the risk assessment process, see "Check the Map," below.)

Perhaps the most important part of successfully managing your association's risk areas is to foster and contribute to a culture of communication and early planning. "It needs to come from the top," says White. "A larger association may have a risk management or insurance committee, and those people need to keep it in the forefront and act as 'nudges' for their colleagues, to ask questions like 'Hey, has anybody thought about insurance for this?' There needs to be an 'insurance evangelist' to keep insurance in the forefront."

Smaller associations need nudges, too, and it doesn't have to be a formal task force or committee. It can simply be individuals who recognize the value of avoiding the effects of litigation, Mother Nature, or just plain human error. "Colleagues need to recognize that the person is doing that because they want to protect the organization," offers White, "not because they somehow want to stall new products or new ideas or anything. It's a mindset of, 'Let's do it, but let's do it safely and with the proper insurance in place.'"

Douglas R. Kelly is editor of the Society of Naval Architects and Marine Engineers' Marine Technology magazine. Email: [email protected]

Check the Map

Google "risk management" and you'll get almost 85 million hits that will take you to sites offering risk-management training, tools, templates, applications, books, articles, videos, and all kinds of education related to the discipline. Organizations like the International Risk Management Institute, here in the United States, and the Institute of Risk Management, in Great Britain, provide training and continuing education to their members and customers.

Leslie White, president of Croydon Consulting, suggests that as you begin to assess your association's risk areas, you should take advantage of a tool called risk mapping, which can enable you to visually plot out risk on a map or matrix. "You basically make a chart or graph," says White, "and you put frequency on one axis and severity on the other, and you plot it. If you decide something is high frequency and high severity, obviously that's very important and that's what you want to address first.

"My rule of thumb is, anything you get in the severe quadrant on the risk map, that needs to be looked at. And even if it's a low possibility, it still could happen and you need to take steps to mitigate the risk."

You can find risk-mapping tools at many websites. One of the better ones, from mindtools.com, offers a downloadable worksheet to help you get started.