Tag: Insurance Coverage

Will Your Company’s Insurance Cover Losses Due to Phishing and Social Engineering Fraud?

Six Tips for Evaluating and Seeking Coverage for Business Email Compromises

If your company fell victim to a business email compromise – a scam that frequently involves hackers fraudulently impersonating a corporate officer, vendor, business partner, or others, getting companies to wire money to the hackers – would your insurance cover your loss?  There is reason to be concerned about this sort of attack, as the FBI has explained that the “scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses” in actual and attempted losses in U.S. dollars.  The good news for policyholders is that courts across the country have been ruling that crime insurance policies should provide coverage for this sort of loss, at least where it is not specifically excluded.

How do business email compromises work?

In early versions of business email compromises, the hackers send emails that appear to be from company executives, discussing corporate acquisitions, or other financial transactions, and are received by company employees in the finance department.  See, e.g.Medidata Sols., Inc. v. Federal Ins. Co., 268 F. Supp. 3d 471 (S.D.N.Y. 2017), aff’d, — F. App’x — (2d Cir. 2018).  The employee is told that the transaction is highly confidential, and that the employee should work closely with an attorney or other financial advisor to help close the deal.  The employee then is told to wire money to cover the costs of the transaction, very often to a foreign country.  Having been defrauded, the employee logs in to an online banking site, and approves a wire transfer.

In other versions of a business email compromise, hackers get access to email accounts of one party, sometimes via a brute force attack where an attacker breaks into a system by guessing a password, or via a phishing attackwhere a user is fooled into typing a username and password into a fraudulent site.  Then, the hacker sends out emails from the compromised account, pretending to be a vendor, and asking for payment to be sent to a different bank account.  See, e.g.Am. Tooling Center, Inc. v. Travelers Cas. & Sur. Co. of Am., — F.3d — (6th Cir. 2018).  Again, having been defrauded, the employee has money wired to the fraudster, instead of to the vendor.

Will insurance cover losses due to business email compromises?

The answer to whether insurance carriers will cover these losses – without court intervention – is “it depends.”  Recent decisions have ordered insurance carriers to provide coverage.  And the insurance industry has been scrambling to write new endorsements for their insurance policies that the insurance companies say provide coverage for business email compromises.

A common place for seeking coverage for these losses is under crime insurance policies.  Many crime insurance policies include coverage for “computer fraud,” “funds transfer fraud,” or even “computer and funds transfer fraud.”  Exemplar “computer fraud” coverage applies to “direct loss” of money resulting from the fraudulent entry, change, or deletion of computer data, or when a computer is used to cause money to be transferred fraudulently.  Exemplar “funds transfer fraud” coverage applies to “direct loss” of money caused by a message that was received initially by the policyholder, which purports to have been sent by an employee, but was sent fraudulently by someone else, that directs a financial institution to transfer money.  A reasonable policyholder, which fell victim to a fraudulent scheme via a computer, or transferred funds because of a fraudulent scheme, likely would think that computer and funds transfer fraud coverages would apply to the losses.

What have courts said?

Two recent decisions from federal courts of appeal have resulted in coverage under crime policies for business email compromise losses.

The first is the July 6, 2018 opinion issued in Medidata Solutions, Inc. v. Federal Insurance Co., No. 17-2492 (2d Cir.).  The Medidata trial court ruled that a crime insurance policy provides coverage for a fraudulent scheme and wire transfer.  The Court of Appeals for the Second Circuit affirmed the trial court’s decision.  In Medidata, the policyholder’s employees received emails that purported and appeared to be from high level company personnel but were, in fact, sent by fraudsters.  Based on those emails, and messages from purported outside counsel, Medidata wired nearly $5 million to the fraudsters.  It sought coverage under a crime policy that it bought from Chubb that had computer fraud, funds transfer fraud, and other coverages.  The trial court ruled that computer fraud and funds transfer fraud coverages both applied.  It rejected the arguments that the loss was not “direct” because there were steps in between the original fraudulent message and the wiring of funds.

On appeal, the Second Circuit ruled that Medidata’s loss was “direct” under the insurance policy language.  “Federal Insurance further argue[d],” as carriers have done in many business email compromise cases, “that Medidata did not sustain a ‘direct loss’ as a result of the spoofing attack, within the meaning of the policy.”  Slip op. at 3.  The Court of Appeals held that because “[t]he spoofed emails directed Medidata employees to transfer funds in accordance with an acquisition, and the employees made the transfer that same day,” the loss wasdirect.  Id.  The court rejected the insurance carrier’s argument that the loss was not direct because “the Medidata employees themselves had to take action to effectuate the transfer”; the employees’ actions were not “sufficient to sever the causal relationship between the spoofing attack and the losses incurred.”  Slip op. at 3.  The Court of Appeals did not address the trial court’s ruling that funds transfer fraud coverage applied, “[h]aving concluded the Medidata’s losses were covered under the computer fraud provision.”  Id.

Shortly after Medidata was issued, the Sixth Circuit decided on July 13, 2018 that computer fraud coverage applies to losses resulting from a business email compromise in American Tooling Center, Inc. v. Travelers Casualty & Surety Co., No. 17-2014 (6th Cir.).  There, the policyholder (ATC) wired money to fraudsters, instead of a vendor, because of a business email compromise.  The Sixth Circuit reversed the district court, ruling that the losses are “direct,” covered by crime insurance.

In a decision that will be published, the Court of Appeals held there was “‘direct loss’ [that] was ‘directly caused’ by the computer fraud,” even though the policyholder had engaged in “multiple internal actions” and “signed into the banking portal and manually entered the fraudulent banking information emailed by the impersonator” after receiving the initial fraudulent emails.  Id.

Holding that coverage applied, the Sixth Circuit distinguished the Eleventh Circuit’s decision regarding computer fraud coverage in Interactive Communications v. Great American, No. 17-11712, ___ F. App’x ___, 2018 WL 2149769 (11th Cir. May 10, 2018).  Id. at 9-10.  After the policyholder in American Tooling had “received the fraudulent email at step one,” it “conducted a series of internal actions, all induced by the fraudulent email, which led to the transfer of the money to the impersonator at step two.”  The loss occurred at step two; as such, “the computer fraud ‘directly caused’ [the policyholder’s] ‘direct loss.’”  Id. at 10.  By contrast, the Sixth Circuit explained, the policyholder in Interactive Communications only suffered losses at step four in a significantly more complicated chain of events.  See id. at 9-10.

These decisions are great news for policyholders pursuing coverage under crime policies for losses resulting from business email compromises.  And, in light of this new authority, policyholders would be well-advised to examine denial letters carefully, giving due consideration to whether these decisions could be used to argue in favor of coverage.

What options are available to policyholders going forward?

Cynical viewers of insurance history might view the state of coverage as similar to what the industry has done in the past.  That is, initially, cover new claims under “old” policies.  Then, after claims get expensive, hire coverage counsel to tell courts why the carriers must not have meant to cover these new claims (whether the drafting history reflects such an intent or not).  Next, get insurance regulators to approve exclusions purportedly tailored explicitly to the risk, and, at the same time, sell new policy endorsements (often for additional premium) that provide lower limits of coverage for the risk.

That’s what is happening in connection with insurance for business email compromises.  At least one insurance group that drafts crime insurance policies has asked for a definition of computer and funds transfer fraud to be changed, and a new social engineering fraud endorsement to be approved for sale.  Insurers have rolled out these endorsements with limits of coverage that often are capped at low amounts, and might also have high retentions.  These endorsements frequently are available for crime policies and, sometimes, are available for cyberinsurance policies as well.

So what are some options for policyholders trying to structure an insurance program for these risks?  These questions should provide helpful tips:

1. What does the insurance policy include? Policyholders would be well-advised to see whether the insurance program includes social engineering fraud endorsements or coverage parts.

2. What are the applicable limits? Policyholders would be well-advised to check the policy limits that would apply to those coverages.  Binder letters might not disclose a sublimit, and the policyholder might not realize the limit of coverage is lower than the full policy limit until it is too late.

3. Are coverages available under more than one policy? At the time of policy renewal, policyholders would be well-advised to consider asking whether social engineering fraud coverage can be added to a crime program and a cyberinsurance program.

4. Will excess coverage apply, and, if so, when? Policyholders would be well-advised to explore whether excess policies will provide this coverage, and, if so, will “drop down” to attach at the level of any sublimit, to avoid donut holes in the coverage.

5. Will other policy provisions provide coverage, beyond narrow endorsements? If the policyholder faces a claim, policyholders would be well-advised to determine whether other coverages might apply to the losses, notwithstanding a social engineering fraud endorsement.

6. What happens if the insurance carrier says, “no,” or that sublimits apply? If the insurance carrier denies coverage, or tries to apply a sublimit, policyholders would be well-advised to be mindful of the interpretation that two Courts of Appeals have used for computer fraud coverage in similar contexts.

 

© 2018 BARNES & THORNBURG LLP
This post was written by Scott N. Godes of Barnes & Thornburg LLP.

Insurance Coverage Issues for Cyber-Physical Risks

internet of thingsThe recent National Institute of Standards and Technology (NIST)publication of cybersecurity guidance for the Internet of Things (IoT) is a useful reminder that hacking incidents can result not only in privacy breaches, but also in bodily injury or property damage — via critical infrastructure, medical devices and hospital equipment, networked home appliances, or even children’s toys. In addition to enhanced system security engineering and preventive education efforts, insurance is an increasingly essential component in any enterprise risk management approach to cyber vulnerabilities. But purchasers of cyber insurance are finding that nearly all of the available cyber insurance products expressly exclude coverage for physical bodily injury and property damage.

These exclusions are no doubt assumed to “dovetail” with (i.e., to avoid duplicating) the bodily injury and property damage coverage traditionally afforded by general liability and first-party property insurance policies. But it is not always clear whether those more conventional policies cover bodily injury or property damage arising from a cyber-related peril (so-called “cyber-physical” risks). Unless an insurance program specifically addresses these risks, the determination of coverage for physical harm from a cyber-attack may depend on a close reading of policy language and a fact-intensive analysis of how the harm arose.

Policyholders would be well advised to understand the potential cyber-physical risks they face; to analyze all their current lines of coverage to determine whether and how each would respond to those risks; to seek clarifications in their current insurance wordings; to explore new “difference in conditions” insurance products designed to plug any gaps in coverage for such risks; and, ultimately, to expect disputes with their insurers if these novel cyber-physical harms should materialize.

ARTICLE BY John G. Buchanan III & Dustin Cho of Covington & Burling LLP

© 2016 Covington & Burling LLP

Insurer Bound by Policyholder’s Settlement of Questionable Liability Case

Neal, Gerber & Eisenberg LLP‘s Jill Berkeley recently had an article, Insurer Bound by Policyholder’s Settlement of Questionable Liability Case, published in The National Law Review:

In Home Federal Savings Bank v. Ticor Title Insurance CompanyNo. 1:10-cv-0999 (Sept. 6, 2012), the Seventh Circuit held that the policyholder mortgage company was entitled to be reimbursed for settling a potentially covered mechanics lien action, even when it had a meritorious defense.  The court emphasized that the choice to settle rather than risk paying for litigation and possibly losing priority of its security interest was the prerogative of the insured, when faced with abandonment by its insurer.  The insured specifically purchased coverage for subsequently filed mechanics liens to cover the risk of litigation costs of defense.  “As we see the case, Home Federal was seeking only the peace of mind it had paid for, not a windfall.”

The court affirmed the longstanding Indiana rule that when an insured elects to settle a third party claim after the insurer has wrongfully denied, the settlement is binding on the insurer so long as the claim was within the policy’s coverage and the settlement was reasonable and made in good faith.  Therefore, the Seventh Circuit reversed the ruling of the district court, finding that the court should have granted the insured’s motion for summary judgment and denied the insurer’s motion.

© 2012 Neal, Gerber & Eisenberg LLP

Negotiating Your Law Firm’s Malpractice Insurance: How to Avoid Purchasing the “Never Pay Policy”

Recently posted at the National Law Review from Scott F. Bertschi of Arnall Golden Gregory LLP and John C. Tanner of  McGriff, Seibels, & Williams, Inc.- some very concrete things to look for when puchasing legal malpractice coverage: 

Far too many attorneys treat the purchase of malpractice insurance like that of an off-the-rack commodity.  The purchasing decision is guided largely by cost, advertising, or the relative ease of the application process.  Ironically, few attorneys actually read their own malpractice insurance policy until after they receive a claim. 

Instead, many law firms rely on assumptions in purchasing coverage and then set the policies aside, at least until a claim is made.  Then, the terms and conditions become all important, and that is precisely the time when you, as the insured, can do little to affect the coverage that may or may not be afforded under the policy.

The malpractice policies available in today’s commercial market vary greatly and insurance companies are more willing than ever to negotiate specific terms and conditions that can address the unique risks faced by you and your firm.  While the best way to take advantage of this opportunity is to use an experienced broker who will solely represent your law firm’s interests, this article provides a general roadmap for law firm administrators, general counsels, and managing partners to use in negotiating professional liability coverage.

1.         Don’t start off on the wrong foot.

The terms of coverage begin with the application process and, if you are not careful, coverage can end there as well.  The answers you provide on the application are used by the insurance company to determine the premium charged and the specific terms under which the insurance company is willing to insure you.  Of particular importance are questions regarding the areas of law in which your firm practices and whether any of the attorneys in the firm are aware of any circumstances that could result in a claim.

The temptation is to give these questions short shrift.  A full and complete answer usually requires a great deal of factual investigation, such as a review of past financial information to determine a break-down of revenues by type of work, and a polling of each attorney as to the knowledge of the existence of potential claims. 

Most off-the-rack malpractice insurance policies are written such that the insurer can rescind the policy in the event any of the application answers are incorrect.  Importantly, the insurance company doesn’t necessarily need to prove the firm intended to provide an incorrect answer.  Instead, an insurance policy can usually be rescinded for innocent mistakes in the application so long as the insurance company would not have offered the policy at the same premium or would have changed the terms if the correct answers were given. 

If the policy is rescinded, no claims made under that policy period would be covered, even if the claim is wholly unrelated to the mistake on the application.  Innocent insureds, not directly involved in the application process, are also at risk.  Additionally, rescission can make it challenging for the firm to obtain insurance in the future.

Accordingly, treat the application process like your coverage depends on it.  Specifically, the firm should commit the time and attention to the process necessary to get the answers correct.  If a question is unclear, ask for clarification.  Many insurers today will offer contract wording in the policy specifically protecting innocent insureds against rescission risk.  Once again, this is a process in which an experienced broker can greatly assist.

2.         What you know (or should know) can hurt you.

Legal malpractice policies, like most professional liability policies, are written on a “claims-made” basis.  Coverage under a “claims-made” policy depends primarily on when the claim was made, rather than when the error or loss occurred.  This creates a potential moral hazard: a prospective insured, knowing he committed an error, could purchase a claims-made policy before the claim is made and obtain coverage for a known loss.  Clauses called “prior knowledge provisions” are intended to protect insurers against this hazard. 

A typical prior knowledge provision states that claims based on errors occurring prior to the policy period are not covered if any insured had a reasonable basis to believe that a claim could be made.  Courts in many states apply an objective standard to determine whether an insured had such “prior” knowledge.   Thus, the question is not whether you specifically thought a claim would be made, but whether a ”reasonable insured,” knowing what you know, would believe that a claim is possible.  Moreover, depending on the policy wording, the knowledge of one attorney can eliminate coverage for all insureds, even those who do not have any “prior” knowledge.

When purchasing a legal malpractice policy, determine whether the prior knowledge provision contains a “continuity clause.”  This savings clause states the claim will be covered unless the insured had knowledge of the potential claim prior to the first policy issued by the insurer to your firm, rather than prior to the current policy period.  If possible, you should also seek policy language limiting the prior knowledge provision to a subjective standard requiring proof of fraud and otherwise protecting innocent insureds. 

In addition, most policies include provisions allowing insureds to provide a “notice of circumstance” to the insurer of potential claims – even if no claim has been made yet – specifically providing that any future claim arising out of that circumstance will be treated as a claim made during the current policy year.  Such a provision gives you greater flexibility when changing insurers, but pay close attention to the policy specificity requirements for reporting potential claims.     

3.         Prior Acts

Sometimes insurance companies also address the moral hazard inherent in “claims-made” policies by only covering claims based on errors occurring after a certain date, sometimes called a “retroactive” date or a “prior acts” date.  For previously uninsured firms or lawyers, most insurers will insist on a retroactive date equivalent to the policy inception date. 

Moreover, firms changing insurers often have the option of reducing the premium by agreeing to a retroactive date.  While this certainly limits the amount of coverage, the limitation can be offset by purchasing “tail” coverage from your current insurer.  “Tail” coverage, sometimes called an extended reporting period, extends the time in which a claim can be made and reported under an expiring policy for errors occurring prior to the policy expiration.  

Determining when an alleged error occurred is not always an easy task, however, and alleged breaches of care can span multiple policy periods.  If your firm nevertheless intends to change insurers, a qualified broker can help you calculate the most effective mix of retroactive date and tail coverage to maximize savings and minimize exposure to gaps in coverage.

4.         If a claim is made in the forest, and the insurer isn’t there to hear it, does it make a sound?

As discussed above, almost all legal malpractice policies on the market today are “claims-made” policies and apply only to claims made during the policy period.  Some, however, add the requirement that the claim be reported to the insurer during the policy period as well.  Such policies are aptly called “claims-made-and-reported” policies. 

In contrast to standard notice conditions that require the insured to report a claim “as soon as practicable,” numerous courts have  held that the reporting requirement in a claims-made-and-reported policy defines the scope of coverage, rather than states a condition for coverage.  What this means in practical terms is that the insurance company can disclaim coverage based on a failure to timely report the claim regardless of whether the delay caused the insurance company any prejudice.  Some policies flatly require reporting prior to the end of the policy period, while others provide that the claim must be reported within a 30 or 60 day time period after the policy expired. 

Another important consideration is the interaction of the reporting requirement and renewals.  Some policies specifically permit the reporting of a claim during the policy or any renewal policy, while others are silent on the subject leading to the possibility of a disclaimer, even when the renewal is with the same insurer.   

It is imperative that you establish a claim reporting procedure to ensure that all “claims” as defined in the policy are promptly brought to the attention of the firm’s risk manager or managing partner and reported prior to the policy reporting deadline.  Some insurers will agree to soften the claim reporting wording by requiring notice as soon as practicable after the individual in the firm charged with managing insurance and claims first learns of the “claim,” but few will agree to a prejudice standard or an unlimited timeframe for reporting post policy period.     

5.         Professional Services

As the name implies, a lawyers’ professional liability insurance policy covers just that: a lawyer’s professional liability.  Accordingly, it should not be surprising that such policies do not cover all liability a lawyer may face, merely because she is a lawyer.  Instead, it is well established that such policies only cover those risks that are inherent in the practice of law.  But what exactly does that mean?

Lawyers engage in a variety of law-related tasks that are not necessarily limited to lawyers.  For example, lawyers frequently act as title agents, trustees, conservators, administrators, arbitrators, and mediators.  Some firms today now have document management divisions or affiliated e-discovery and information technology companies.  The practice of law has expanded and continues to evolve over time.

Most legal malpractice policies specifically define the term “professional services.”  Be sure to check your particular policy definition against the activities your firm’s lawyers undertake.  Be especially careful when any of the lawyers in your firm have dual professional licenses, such as a lawyer who is also a CPA.  It is best to address such issues up front to avoid a surprise when the insurer disclaims coverage for a claim, contending that the alleged wrongdoing did not arise out of the lawyer’s rendering of “professional services.”

6.         Modern Day “Damages”

The typical legal malpractice policy limits coverage to claims for “damages.”  While that word seems innocuous, it frequently carries an express definition that serves to substantively limit what is covered. 

For example, many policies define the term “damages” to specifically exclude fines, penalties, sanctions, non-monetary relief, amounts demanded as the return of a payment of legal fees, or even the disgorgement of “funds wrongfully obtained.”  Most of these limitations are based upon the proposition that a liability insurance policy is designed to protect an insured from liability to another person, as opposed to a loss of the insured’s profit. 

One area usually open for negotiation is coverage for punitive or exemplary damages.  Of course, public policy places an outer limit on what types of punitive damages a policy can insure, but many states permit insurance for at least some types of punitive damages, such as those imposed vicariously. Many insurers today will provide coverage for punitive damages where insurable and subject to an insurability determination under the most favorable venue for such coverage. 

An emerging area of interest to law firms is coverage for Rule 11 or other discovery sanctions, as well as other “damages” arising out of claims of abusive or frivolous litigation.  While most insurers have historically excluded coverage for all fines, penalties, or sanctions, a few innovative insurers today have shown a willingness to offer a coverage sublimit to defend lawyers against such allegations.  Law firms can be jointly liable for an individual lawyer’s sanction-able conduct, and settlement exposure to claims of abusive or frivolous litigation is real.   Unfortunately, few firms today have adequate insurance protection in this area, and when available, it comes with an additional premium. 

7.         Intentional Acts Exclusion

Similar to the limitations on the insurability of punitive damages, public policy may limit an insurance company’s ability to cover liability based on an insured’s malicious, fraudulent, or dishonest acts.  Accordingly, every policy will invariably exclude such liability.  The problem is that legal malpractice claims frequently include intentional tort claims (such as breach of fiduciary duty) in addition to professional negligence.  The scope of coverage afforded such intentional allegations can vary greatly from one policy to the next. 

First, some policies exclude all coverage for such acts, including a defense to claims alleging fraudulent conduct even if the insured protests his innocence.  Under such policies, a common malpractice claim alleging both negligence and breach of fiduciary duty raises coverage issues at the outset because of the intentional breach of duty claim.

Other policies provide a so-called “courtesy defense,” under which a defense is provided until such time as the alleged fraudulent conduct is established by an adjudication or an admission.  Under such policies, the insurer may still insist on some allocation or insured contribution to a settlement of allegations of negligence when coupled with alleged intentional wrongdoing.  If possible, try to negotiate wording in your policy providing coverage for defense and settlement of alleged wrongdoing unless there is a final adjudication of such intentional wrongdoing in the underlying malpractice case, or in an action or proceeding other than a declaratory judgment proceeding brought by or against the insurer to determine the scope of insurance coverage.

Policies may also differ on the applicability of the exclusion to so-called “innocent insureds.”  Most exclusions apply to any claims “arising out of” the excluded conduct.  Courts generally hold that the “arising out of” language extends the scope of such exclusions even to negligence claims predicated on the intentional conduct, such as negligent hiring and supervision claims.  In other words, if your partner steals a client’s money, you are not covered even if you had no part in the theft.  Fortunately, many policies contain “innocent insured provisions” aimed at ameliorating this result.  These provisions waive the intentional acts exclusion for those insureds who did not actively participate in, and were not aware of, the excluded conduct.

8.         Business Enterprise Exclusion

Most lawyers familiar with the basic tenets of conflicts law know it is risky to represent a corporation in which an insured owns an interest.  Similarly, most seasoned lawyers know that such a situation can be rife with practical difficulty when the business enterprise fails. 

Insurers are aware of these problems as well and typically exclude claims made by any business enterprise in which any insured owns an interest or with respect to any enterprise operated, managed, or controlled by any insured.  The stated purpose of such an exclusion is to prevent an insured from transferring his own business loss to his legal malpractice insurer.  But the exclusions are not typically limited to claims against the particular lawyer who has the ownership interest and, instead, include claims by that enterprise against any lawyer in the firm.  Many insurers, however, are willing to negotiate this exclusion and give back coverage for some or all of such risks assuming the issue is raised and negotiated up front.   You should carefully evaluate the firm’s and its lawyers’ business interests each year in the underwriting process. 

9.         Coverage for Ethics Complaints & Disciplinary Proceedings

In addition to coverage for a lawyer’s monetary liability to a client or others, some legal malpractice insurance policies also pay for a defense to an ethics complaint or bar grievance.  Such coverage provides an obvious benefit over those policies lacking grievance coverage. 

Disciplinary proceedings and grievance coverage can differ between insurers as to whether the insured is permitted to choose his counsel, what control the insurance company retains over the defense, and whether there is a limit on the fees for such a defense. 

Many policies limit the coverage to a sublimit of $25,000-$50,000.  There is typically no retention or deductible applicable to such coverage, but the policy may only reimburse the insured after the successful conclusion of the proceeding.

10.       A defense by any other name does not necessarily smell as sweet.

Finally, but certainly not least important, all firms should carefully evaluate the defense provided by the insurance policy in the event of a claim.  The vast majority of legal malpractice claims are resolved with no payment to the claimant.  While this is good news for lawyers, it emphasizes the significance of the defense of such claims.  In short, the cost of the defense is often greater than the ultimate payment of the claim.  When you consider the fact that insurance policies vary greatly regarding the defense obligation, it becomes clear that this issue is rife with pitfalls.  Specifically, policies vary in two main respects. 

First, determine whether the limits of liability are “eroded” or “exhausted” by defense costs.  Under some policies, sometimes called “burning limits policies,” each dollar spent in the defense of the claim reduces by a dollar the amount available to pay a judgment or settlement.  Of course, purchasing a “burning limits” policy allows your firm to save on premiums, but it carries with it a risk that the limits will ultimately be insufficient should a claim involve a lengthy defense. 

Second, understand whether you or the insurance company chooses defense counsel and controls the defense.  Many legal malpractice policies are so-called “duty to defend” policies, which means that it is the insurance company’s right and obligation to defend the claim.  Typically, the right to defend carries with it the right to select defense counsel, and insurers often have negotiated volume discount rates with certain defense firms.  The “duty to defend” obligation is extremely broad, frequently said to require a defense of the entire claim if any part of the claim is potentially within the scope of coverage.  

On the other hand, so-called “indemnity for loss” policies simply reimburse your expenses incurred in the defense.  In such situations, the insured is generally afforded the right to select counsel and control the defense, but the insurer may require advance consent or agreement by your selected defense firm to negotiated lower rates or to predetermined litigation management guidelines.  The insurer may also take the position that it is not responsible for defending uncovered claims or allegations.

Many policies also include a “hammer clause” giving the insurer substantial leverage in the context of a potential claim settlement.  Such clauses in essence permit the insurer to withdraw its defense and cap its policy limit at any settlement amount recommended by the insurer and otherwise acceptable to the claimant.

Conclusion

Ultimately, there is no one “best” policy for all firms or any specific category of firms.  Instead, a firm’s legal malpractice policy should be carefully tailored to the specific activities undertaken by the firm and the firm’s individual financial situation.  Of course, insurance deals with the uncertainties of the future, and it is impossible to know now precisely what coverage you will need next year.  But you can maximize your odds by addressing your firm’s needs upfront and spending the time and effort to negotiate the scope of the policy before it is issued. 

© 2011 Arnall Golden Gregory, LLP and McGriff, Seibels, & Williams, Inc. All rights reserved.