
PSA Insurance and Financial Services - 5 new articles


It Can Happen to You: Why Workplace Violence Insurance is the “New Normal”

The Capital Gazette, Sandy Hook, Las Vegas, the Colorado Cinemark—active shooting incidents are becoming more frequent every year. In 2017 alone there were 346 mass shootings in the United States, compared to 270 in 2014. And as of July 31 of this year, we’ve had 202 incidents.

An active shooter event is just one type of workplace violence to which your business is vulnerable. Every year, 2 million American workers report having been victims of workplace violence. The cost to organizations is staggering. A single incident can have serious consequences, including lost lives, psychological trauma to victims that can manifest or last months or years after an incident, physical damage to your building, and lost productivity.

If workplace violence does happen in your business, resuming your normal operations after a traumatic attack can be extremely difficult (if not impossible). You would likely face questions such as: Will the police investigation delay my ability to access the premises? How long will my operations be down? Is temporary security needed? When will employees be healthy enough to return to work so business can resume? Will I recover lost business income if I cannot continue operations?

Even if you get satisfactory answers to most of these questions, relying on your standard business insurance policies to cover your losses might leave you paying the bills. If you think your standard business policies will cover these expenses, you may want to think again. As an insurance and risk management professional, I’ve thoroughly analyzed traditional business policies and have found a number of shocking and expensive gaps in coverage.

Workers’ Compensation, Business Interruption, and General Liability insurance are usually insufficient for fully paying all costs related to a workplace violence event. But, there is good news. Workplace Violence insurance is becoming increasingly available on the market to help your organization recover. Below, I detail some of the most prevalent gaps in various traditional policies, and offer some insights on how those can be covered with Workplace Violence insurance.

Workers’ Compensation

If an employee is severely injured—whether by gunshot or other means—that employee will typically be covered by Workers’ Compensation. But what about employees who witnessed their coworker getting shot? Will they have the equanimity to work without fear, to return to everyday life without psychological scarring? Depending on which state your business operates in, Workers’ Compensation might not cover psychiatric care without a physical injury.

Think of the Pine Kirk Nursing Center shooting, which happened just last year: employees barricaded themselves in rooms to hide away—a traumatic experience in which they feared for their lives—while gunshots rang throughout the nursing center. The state they worked in, Ohio, does not provide Workers’ Compensation for mental trauma unless that trauma is caused by a physical injury—so these employees, who remained physically unscathed, had no coverage for the psychiatric care they likely needed.

This is where a good Workplace Violence policy is a must. Regardless of what state your business is in, you would have coverage for the psychiatric medical bills of your employees.

Business Interruption

If you experience a loss and therefore can’t conduct business, you’ll be covered under the Business Interruption section of your Property policy, right? Not necessarily.

What if an event is so horrific that you have to close your business despite the lack of any physical property damage that would force you out of business? That’s a business decision—not a covered loss under the Business Interruption policy. The Pulse Nightclub, for example, closed in 2016 due to its horrific shooting incident. They didn’t close because they couldn’t conduct business; they closed because the shooting was so emotionally devastating for employees and patrons. In this case, Business Interruption coverage was limited at best.

It doesn’t matter what your reason was to close your business; Workplace Violence insurance would pay for lost business income up to your policy limits.

General Liability

General Liability insurance won’t automatically cover third parties. But why should you care? Their expenses are irrelevant to you, right? In most cases, no—you should care very much about the impact this type of event can have on your business partners, vendors, and clients. In addition to being compassionate and a good citizen, covering third parties makes good business sense to avoid lawsuits and protect your reputation.

Lawsuits

If hurt on your premises, third parties are not prohibited from bringing an action against you for negligence. They may allege you didn’t take proper precautions to keep them safe. Lawsuits can last for years, and if they win, your General Liability policy will likely pay for covered damages and expenses up to the policy limits—but you will still likely end up paying for additional expenses that are not covered by General Liability. However, other than possibly defense expenses, the General Liability policy will not pay damages unless you are negligent.

Hence, you would be much better off having Workplace Violence insurance, which is more suitable for covering a wide range of violence-related exposures to third parties.

For instance, if you have a Workplace Violence policy, it will be used first to provide coverage before your General Liability insurance applies, and it protects you whether you are negligent or not. It will allow you to pay medical and funeral expenses, as well as a variety of other third party expenses, immediately following the incident. This may provide quick and compassionate relief to victims.

Goodwill

You should care about the third party’s well-being and want to respond in a positive way, as it also impacts your reputation. If you have Workplace Violence insurance, the crisis management services will help manage the chaos during the day of the incident and provide medical benefits to third parties who happened to be on your premises at the time. The alternative—leaving medical bills and funeral expenses to victims and their families—can be much worse, causing a public relations nightmare and permanent damage to your brand.

For example, in the wake of the Colorado Cinemark 2012 shooting, while victims were reeling in the painful aftermath of losing loved ones and the trauma of being attacked, medical bills and funeral expenses were piling up. Courts found that Cinemark was not liable—so the bills and expenses were left to the victims. Cinemark’s reputation suffered, and they were also left paying legal fees exceeding $700,000.

The solution: Workplace Violence Insurance

These are just a few major exposures that Workplace Violence insurance would cover. But a well-written policy can also include coverage options for temporary security for your business, psychiatric care for witnesses, and media management.

However, not all Workplace Violence policies are equal. A good policy in general should cover exposures for liability and extra expenses related specifically to violent incidents. Make sure to work with an experienced insurance advisor who is familiar with your business to design the right policy for your needs. If you need assistance analyzing your existing coverage and identifying the most appropriate Workplace Violence policy for your business, feel free to reach out to me at ncouncill@psafinancial.com or at 410-825-1411 x101.

The post It Can Happen to You: Why Workplace Violence Insurance is the “New Normal” appeared first on PSA Insurance and Financial Services.

 

Taxable & Nontaxable Fringe Benefits: A Refresher (Benefit Minute)

This issue of the Benefit Minute summarizes the taxability of common fringe benefits that are provided to employees by employers. It reflects changes made by the Tax Cuts and Jobs Act.  Many of these items are described in IRS Publication 15-B, Employer’s Tax Guide to Fringe Benefits.

Health & Accident Benefits

In general, both an employer’s contribution to employees’ accident and health coverage and payments made under an accident or health plan are nontaxable as long as such amounts are payments for medical expenses or payments for specific permanent injuries.  However, some amounts are taxable, including payments that exceed actual medical expenses incurred, certain payments made to highly compensated employees under a self-insured health plan that discriminates in favor of these individuals and the cost of coverage provided to individuals who are not the employee’s spouse, child (under age 27) or dependent for health plan purposes.

The cost of employer-paid group term life insurance up to $50,000 of coverage is nontaxable.  Coverage in excess of $50,000 must be imputed as income to the employee using the rates set forth in IRS Table I.   If the group term life insurance discriminates in favor of key employees, the key employees lose the exclusion and are taxed on all employer-paid coverage at the higher of the actual premium cost or the Table I cost.  In some cases, employees may be taxed on the cost of group term life insurance coverage they purchase for themselves if the premium rates charged by the insurance carrier straddle the Table I rates.  The imputed income amount is the Table I cost of the coverage less any post-tax amounts paid by the employee.

Wellness Benefits

Wellness rewards tied to a group health plan are generally non-taxable.  These include increased employer contributions to the cost of health coverage, enhanced health benefits, higher health reimbursement account (HRA) allocations and larger health savings account (HSA) employer contributions.  However, these amounts may be taxable to certain employees if provided on a discriminatory basis.  Wellness rewards provided in cash (including gift cards and other items readily convertible into cash) or in the form of goods and services that are not medical care are also taxable at the fair market value.  The only exception for goods and services is if the value of the non-cash reward is so small that it would be unreasonable to account for it.  The cost of employer-provided gym memberships (whether paid in full by the employer or subsidized at a fixed amount) is taxable to employees.  Use of athletic facilities on the employer’s premises is nontaxable to employees; however, beginning in 2018, tax-exempt employers will owe unrelated business income tax (UBIT) on the cost of providing an onsite athletic facility if it primarily benefits employees who are highly compensated.

Educational Assistance

Up to $5,250 in nontaxable benefits may be provided to an employee each year under an educational assistance program.  An educational assistance program is a written program for an employee’s educational expenses, including tuition, books, fees and supplies.  Both undergraduate and graduate level courses may be paid or reimbursed, whether or not related to an employee’s current job responsibilities.  The program cannot discriminate in favor of highly compensated employees.  In addition, an employer may provide nontaxable education benefits to an employee if the education serves a bona fide business purpose of the employer or maintains or improves the skills needed by an employee in his current job position.  Student loan repayments made by an employer (either directly or as reimbursement) are taxable income to an employee.

Commuting Benefits

Qualified transportation benefits may be provided on a nontaxable basis as either an employer-paid benefit or through a compensation reduction agreement (pre-tax benefit).  Qualified transportation benefits include parking, transit passes and commuter highway vehicles (vanpools) and are nontaxable up to a limit of $260 per month.  Separate limits apply for parking and for transit passes/vanpools.  These benefits may be provided directly or through a reimbursement arrangement; however, cash reimbursement for a transit pass is only permitted if the transit pass is not available for direct distribution by the employer.

Beginning in 2018, no employer tax deduction is allowed for qualified transportation benefits, whether employer-paid or through a compensation reduction agreement.   Tax-exempt employers will owe unrelated business income tax on the cost of qualified transportation benefits provided to employees.

Achievement Awards

The value of tangible personal property provided to an employee during a meaningful presentation as an award for either length of service or safety achievement is nontaxable to the employee if the value of the award is $1,600 or less for qualified plan awards or $400 or less for other awards. An award of cash, cash equivalent, gift card or gift certificate in any amount is taxable income to an employee.  In addition, awards in the form of vacations, meals, lodgings, tickets to sporting events and other similar items are also taxable.

Employer-provided Meals

Meals for employees that are furnished on the business premises of the employer for a substantial business reason are nontaxable.  Substantial business reason may include meals furnished to food service employees during or immediately before or after working hours, meals furnished to employees who must be available for emergency calls during the meal period and meals when the work demands a short meal period.  In addition, occasional meals provided to employees may be nontaxable if they are de minimis benefits as described below.   Beginning in 2018, the 50% employer deduction limit for food and beverages also applies to these occasional meals provided by an employer.  However, meal expenses related to employee recreation (such as holiday parties or annual picnics) are not subject to the 50% limit on deductions when incurred primarily for the benefit of nonhighly compensated employees.

Other Benefits

De minimis benefits such as occasional use of business copy machines and printers, meals, holiday and birthday gifts of low value, and occasional tickets are nontaxable as long as they have so little value that it would be unreasonable or administratively impracticable to account for them.  Cash and cash equivalents are always taxable.

Services offered to customers in the ordinary course of business may be provided as a nontaxable benefit to employees as long as the employer does not incur substantial additional cost to provide the service to employees and the service is made available on the same terms to both highly compensated and nonhighly compensated employees.


 

PSA on Wheelz

 

“I remember my grandmother volunteering for Meals on Wheels (MOW) when I was younger,” Matt Werden, PSA Employee Benefits advisor, recalls. “And listening to Ellen Falk, Director of Volunteer Services at MOW of Central Maryland, at one of our internal non-profit lunch-and-learn events about volunteer opportunities with MOW, something just created a spark in me. I knew I wanted to get more involved.”

PSA has been partnering with MOW, volunteering periodically for a few years now. But most recently, we’ve ramped up our support under Matt’s leadership by organizing a more concerted effort to get more PSA employees to participate. Every month over 40 team members consistently dedicate their lunch breaks to delivering meals to 5-6 homebound clients on each route, who struggle to cook or leave their house to go shopping.

“It’s the best feeling to make a difference in someone else’s life,” says Jamie Nash, PSA’s Operations Manager, who has been volunteering with MOW for over 13 years. “But the coolest thing about volunteering during your lunch hour is the time that you get to spend with your colleagues and get to bond with them more,” Jamie continues. “This not only creates a better culture, but it also improves our abilities to better serve our clients.”

“The interactions you have with the people you deliver to is the most rewarding part,” Matt continues. “It might be the only interaction that person has all day. And if you can bring a smile to their face during that 2-3 minute conversation, that’s what you remember the most.”

“They’re [PSA employees] very kind,” one client testifies. “They all do a great, great job.” We are thankful for the kind words and thrilled to be able to make a difference and help our community.


 

Hard Hats and Firewalls: The Surprising Linkage between Cyber Risk Management and Workplace Safety (Part II)

As mentioned in the first installment of this blog series, cyber risk management has become a mission-critical activity for the long-term viability of any organization, and it should be driven by leadership and involve all technology users. But building and implementing a cyber risk management strategy is often quite challenging for non-technical executives. To help, in our last post, we identified five common, proven workplace safety culture strategies with which most organizations are likely familiar and can use to improve their cyber risk management plan. Here are four more proven best practices.

1. Workplace Safety Culture Strategy: Near-miss Investigations

The best-in-class safety efforts include an analysis of all near-miss incidents. If an employee was almost hit by a falling object, that incident should be investigated as thoroughly as if the employee was actually injured. This allows the root-cause to be uncovered and allows corrective actions to be taken. Then, you should share the lesson learned company-wide to avoid a repeat incident BEFORE it results in a large loss.

Cyber Risk Management Strategy: Ongoing Preventive Cybersecurity Awareness Efforts

With the increasing number of cyber security threats, most businesses have already experienced some type of event that could have resulted in a cybersecurity failure. In some cases, a cyber-savvy employee was the hero; in other cases, perhaps it was pure luck that a major cyber failure was avoided. Sharing the lessons learned from these near-miss incidents with your employees helps them develop a heightened awareness and an understanding of how to protect your organization from potential cyber incidents during their daily activities.

2. Workplace Safety Culture Strategy: Post-Incident Investigation

When an injury or accident does occur, a root-cause incident investigation should typically be conducted, which analyses the chain of events. It often uncovers several issues that cumulatively caused the accident. With this information in hand, you can prevent future incidents from reoccurring by implementing corrective actions to all contributing factors.

Cyber Risk Management Strategy: Incident Response Planning – Lessons Learned

Every organization should have a documented Incident Response Plan (IRP) that provides guidance during a privacy event or cyber incident. I highly recommend developing your IRP in close coordination with legal counsel experienced in cyber security, data and privacy laws and regulations. A good plan typically includes a section dedicated to Lessons Learned, as well as other critical elements, including incident response team roles and responsibilities, detection, incident assessment, communications strategy, and recovery.

The Lessons Learned section helps the organization look back at an incident and determine what happened, how it happened, how your organization was impacted and what you could do to prevent a similar incident. It is important to share with leadership the information gathered post-incident and the resulting corrective actions. Make sure you also discuss these cases during your regular employee cybersecurity awareness trainings. Case studies of actual incidents can even be included in the organization’s IRP as playbooks to help the organization quickly respond to similar events in the future.


3. Workplace Safety Culture Strategy: Create a Safety Committee

An effective safety committee allows input from all stakeholders in the company at all levels, including vendors and subcontractors. These meetings are an opportunity to get feedback and implement preventive measures. Additionally, an effective committee improves both communication and understanding of expectations. As needed, sub-committees can be developed to work on specific projects (e.g.: ergonomics, fleet safety, etc.).

Cyber Risk Management Strategy: Identify Cyber Champions

Cyber champions are individuals from each business unit within the organization that help spread and reinforce the cyber risk management philosophy of the organization from the bottom up. They can be the same individuals serving on the cyber security policy development team or different individuals serving as an extension of the team. Cyber champions are included in cyber risk management briefings and should meet as a group on a regular basis. Their responsibilities should be clearly defined, and everyone in the organization should know the individuals serving in this role.

4. Employee Safety Strategy: Site Surveys/Audits

The old adage, “Trust, but verify” is appropriate here. Site surveys and audits allow you to verify that the processes you have are effective. As you identify weaknesses, you can implement corrective actions.

Cyber Risk Management Strategy: Cyber Risk Review, Assessments and Vulnerability Scanning

An important step required to improve cyber risk management is to identify the essential technology and digital assets that need to be protected, and the business implications if a critical asset is exposed, damaged or disrupted. As part of this step, most organizations should conduct:

  • A high level risk review, which helps key stakeholders begin to build a cyber risk profile for the organization and focus on the possible business impacts.
  • Cyber risk assessments, which take a deeper and more thorough dive into the cyber risk management capabilities and exposures of an organization to help identify possible weaknesses and provide more complete information about where improvements should be made.
  • Vulnerability scans, which help automate the process of searching for known weaknesses in technology before they are found by a malicious actor.

These reviews, assessments and scans should be conducted on a regular basis to help your organization improve cyber risk management activities. Many of these practices are becoming more common, as they are being required by regulations such as the Health Information Portability and Accountability Act (HIPAA), New York Department of Financial Services Cyber Security Regulation, Payment Card Industry Data Security Standard (PCI DSS), and others.

If you need any assistance with building and implementing a cyber risk management plan, contact mvolk@psafinancial.com. For questions related to employee safety, contact spomponi@psafinancial.com.

 


 

Hard Hats and Firewalls: The Surprising Linkage Between Cyber Risk Management and Workplace Safety (Part I)

If you’ve experienced a cyber event or data breach, or you understand how easy it is for one to occur, then you know that cyber risk management has become a mission-critical activity. However, unlike traditional risk management — for things like employee safety culture or physical security — cyber risk management has only recently started to shift from a technical task to an organizational priority that is driven by leadership and involves all technology users. And, given the complex nature of modern networks and reliance on internet connectivity, cyber risk management is particularly challenging.

But here’s the good news: You probably know more about cyber risk management than you realize. While there are no guaranteed solutions to predict all risks or completely eliminate threats, managing cyber risk can become a bit more familiar when viewed through the lens of traditional risk management.

To help make these connections a bit more apparent, as the head of PSA’s Cyber Risk Management practice, I teamed up with our Safety Expert, Steve Pomponi, to identify nine common, proven workplace safety culture strategies that can be successfully applied to cyber security management.

If these employee safety culture strategies that Steve has identified during his 28 years of experience in the field are effective in managing physical risks, we have reason to believe they will be effective in managing digital risks as well. Accordingly, we use the past performance of employee safety strategies as a guide for identifying equivalent or similarly effective cyber safety techniques.

In this first post of a two-part series, we’ll discuss four examples you can use to improve your cyber risk management strategies.

1. Employee Safety Culture Strategy: Top Management’s Commitment 

It is critical for any well-managed employee injury prevention program to have top management’s commitment to developing a vision, strategy, goals, accountability metrics, and performance benchmarks, and providing necessary resources.

Cyber Risk Management Strategy: Elevate Cyber Security to an Organizational Leadership Responsibility

An effective strategy is to appoint a chief information security officer to oversee all aspects of cyber risk management. If this is not possible for your organization, you may also consider working with a consultant or designating another C-suite executive with this role (as long as they are given the appropriate support). This separates cyber risk management from IT functions, and sets the tone for the organization that cyber risk management is a top priority.

2. Employee Safety Culture Strategy: Employee Involvement

Yes, safety starts at the top, but injury prevention must also be integrated into the employees’ daily work routine. This includes creating opportunities for employee feedback, educating them about why they should care, and providing necessary resources.

Cyber Risk Management Strategy: Build a Cross-Functional Cyber Security Policy Development Team

Similarly, your overall cyber risk management philosophy and policies must be driven by leadership, but it cannot be implemented without direct stakeholder involvement. Create a cyber risk management policy development team that incorporates representatives from every major business unit. This will help align cyber security objectives with business goals and improve buy-in throughout the organization. This team can play an important role in revising policies, educating users, enforcing procedures, and identifying conflicts between policies and the business environment early on in the implementation process.


3. Employee Safety Culture Strategy: Employee Screening

Since data shows that employees using drugs or alcohol are more likely to make mistakes, criminal background checks and drug screenings are common best practices to avoid hiring an unfit candidate.

Cyber Risk Management Strategy: Integrating Cyber Security into Human Resource Practices

Make sure everyone who has access to your systems containing sensitive information is trustworthy and able to avoid mistakes, which could result in a costly and damaging data breach. This is not only a traditional risk management strategy; it is also specifically identified as an “Information Protection Process & Procedures” best practice in the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).

4. Employee Safety Culture Strategy: Employee Orientation

Depending on the nature of your business, you probably educate your new hires during onboarding about your company’s safety philosophy, preventive measures, expectations, and reporting procedures. Your organization might also be providing task-specific education for each high-hazard activity, such as ladder use or using machinery.

Cyber Risk Management Strategy: Cyber Security Employee Orientation

Ideally, your organization should also have a standalone cyber risk management policy that at a minimum documents acceptable technology use policies, discusses how sensitive data should be handled, and describes cyber security roles and responsibilities of all users. Distributing this policy is not enough. It should also be discussed as part of your onboarding process, which will help everyone understand what is expected of their specific role as well as provide them actionable information about what to do if and when something does go wrong. This communication can also serve as the foundation of future cyber risk management awareness training.

Stay tuned for five more workplace safety culture strategies in the second part of this blog series to help improve your cyber risk management practices.

In the meantime, if you have any questions or need assistance with your cyber risk management, contact mvolk@psafinancial.com. For questions related to employee safety, contact spomponi@psafinancial.com.
