Forming an important part of Jersey's regulatory regime, Ocorian Manager, Natacha Kay and Assistant Manager, Hilary Surcouf examine why local financial services firms should ensure they have sufficient Professional Indemnity Insurance ("PII") in place and fully understand the terms of that cover as the amended Codes of Practice come into force on 1 June 2019.
Professional Indemnity Insurance: An insurance policy designed to protect professionals and business owners when found to be at fault for a specific event such as misjudgement.
In context: PII
In 2017, the Jersey Financial Services Commission ("JFSC") undertook a review of PII arrangements in place for a selection of 50 licence holders across the sectors it regulates, including Funds Services Business and Trust Company Business. In 2018, the results were issued highlighting the need for an increased focus on PII arrangements by the boards of relevant entities registered under the Financial Services (Jersey) Law 1998 ("FSJL") when reviewing the adequacy of their cover. An updated guidance note ("Guidance Note") was then issued to assist registered persons in this regard.
Subsequently, the JFSC sought feedback from the industry through a public consultation to amendments to the respective Codes of Practice (the "Codes"). This included proposed amendments to be made to align the PII provisions within the Codes between the sectors. The amendments were confirmed in the ensuing feedback paper and the amended Codes will come in to force on 1 June 2019, however, the JFSC recognise that following this date full compliance will not be required until the next renewal date for an entity's PII policy.
Themes of the updates
The updates looked to:
- address the circumstances in which a registered person must notify the JFSC in the writing of any limitations in its PII policy;
- provide clarifications around "adequate PII cover" when a complaint is made against a registered person to the Financial Services Ombudsman; and
- clarify the period that "run off" PII should cover where a registered person ceases to conduct a class of financial services business.
Why revisit your PII?
Whilst underinsurance and breaches of the Codes are not punishable by financial penalty, inadequate insurance cover could be costly if a valid claim is excluded, potentially leaving directors funding their own defence.
The language in insurance policy documents can also be complex and variable. For this reason, many of us, even for our own personal insurances, do not completely understand the cover we have acquired. This can be exaggerated in the funds environment where coverage may come from a promoter's group policy issued in their home jurisdiction.
Given that there is no financial services compensation scheme in Jersey (other than for bank deposits and recognised funds) the JFSC has given increased focus on PII arrangements, cementing its expectations that local firms and licensed entities should give sufficient attention to their policies and to have the necessary understanding of the specifics.
Importance of establishing primary cover
Frequently entities have separate Director & Officers liability insurance ("D&O") and PII cover with different insurers. In many cases, directors will benefit from "Outside Directorships Liability" cover from their employer's PII policy, for example. It is therefore beneficial to review both D&O and PII policies to establish and identify which policy is the primary cover, seeking clarity from your insurer as to whether amendments should be made to either of the policies to mitigate claims being bounced between insurers.
Insuring a modern world
PII becomes particularly relevant when considering the rapidly evolving nature of technology. The JFSC identified a number of specific exclusions which could materially limit the levels of cover in place for entities, one of which was the loss or theft of documents as a consequence of cybercrime.
This is of particular concern following the findings of a survey and review of the legal and regulatory landscape conducted by Allen & Overy LLP and Willis Towers Watson, titled Directors' Liability - D&O: Personal Exposure to Global Risk. It found that 44% of respondents confirmed they had experienced either a significant cyber-attack or a sizeable data loss in 2018. This figure is almost double that of the 2017 findings and compounded by, for the first time, cyber-attack and data loss/breaches topping the list of risks that directors are most concerned about, overtaking regulatory and other investigations.
The implementation of the General Data Protection Regulation ("GDPR") in May 2018 also highlights that careful consideration must be given as to whether risk management and insurance policies adequately account for vicarious liability cases relating to, for example, data leaks.
What is required?
It is of increasing importance to ensure that insurance cover is adequate and sufficient for a business' unique needs at all times and whilst an insurance broker owes a duty of care to its client, it is the responsibility of the board to ensure that the PII cover is appropriate. In the pursuit of adequate cover, the JFSC considers it good practice for boards to delegate to an individual director the responsibility of:
- reviewing the level of cover;
- reviewing the cover's adequacy in view of the entity's activities; and
- reporting findings back to the board.
The revised codes require a registered person to have the following insurance arrangements in place:
- adequate cover, commensurate with its business activities, including PII extended to include fidelity guarantee (dishonesty or fraud) insurance and D&O;
- PII must include negligence and errors or omissions by a registered person;
- a registered person must not enter into, arrange, claim on or make a payment under a contract of insurance that is intended to have, or has or would have, the effect of indemnifying any person against all or part of a financial penalty imposed by the JFSC;
- PII cover must be written on a "claims made" basis including costs and expenses and, so far as lawful, must include legal defence costs and loss of theft of documents (liability and costs of replacement, reinstatement, restoration or reconstruction of data);
- where the aggregate level of PII cover is depleted as a result of a claim on the policy and the remaining cover would not be considered adequate or commensurate for the business activities;
- any excess per claim must not reduce the limit of indemnity payable under the policy that would render the remaining coverage inadequate;
- the circumstances when the registered person must notify the JFSC in writing of any material limitations, including, an inability to obtain adequate and satisfactory PII cover, where the aggregate level of PII cover is depleted following a claim and is no longer considered adequate and when the policy is cancelled; and
- appropriate run-off PII cover should be arranged in respect of claims arising from past acts or omissions with an expectation from the JFSC for such coverage to be in place for a period of three and six years. Details of the run-off cover are required in the cessation of business plan which is subject to JFSC consent.
Points for consideration
Whilst the limit(s) of indemnity may be deemed adequate and compliant with the relevant JFSC Codes, there may be limitations to cover as well as exclusions which should be given due consideration to any retroactive dates, as well as exclusions of claims directly or indirectly resulting from breaches of the AML/CFT Handbook.
Promoters often have a group policy under which themselves, as investment advisor/manager, will be covered as well as all those vehicles under their management. In this circumstance, whilst this has many advantages, consideration should also be given to potential issues which may arise, such as:
- an entity(ies) not being named in the policy;
- over reliance on the promoter's group policy and/or broker to assess adequacy of cover;
- dual cover and primary policy not established;
- sufficient level of indemnity where multiple claims from different group entities could exhaust cover;
- exclusion restricting the ability of one entity to claim against another where both are under the same cover; and
- little or no knowledge of Jersey regulation and the need to comply with the Codes and guidance notes set out by the JFSC.
Your broker should engage with the Board to present the insurance proposal and facilitate the questioning of adequacy to ensure the terms of cover are in line with both your understanding and the JFSC's guidance.
Typically, for fund services businesses the minimum level of cover for PII and D&O insurance is calculated by reference to the assets under management of the underlying fund and may be obtained in separate policies or in a blended policy.
The JFSC is considering the current requirements of each of the Codes in respect of the limits of indemnity, to ensure they remain appropriate. However, it falls on the board of each relevant entity to ensure that their PII cover is adequate and sufficient.
Ocorian Fund Services have established relationships with leading insurance brokers in Jersey and can act as a conduit in sourcing advice on the appropriate insurance cover for our clients and their fund structures. This advice could also extend to a review of existing cover and policy documents to ensure entities are adequately covered and compliant with the relevant Codes.
Insurance brokers would naturally be the first point of contact when considering any insurance required and Ocorian can assist with all administrative matters, making introductions to well-regarded insurance brokers in the event further assistance is needed. Contact our representatives to discuss how Ocorian could help you.