- Email: [email protected]
Determining Insurance Requirements
11 Determining Insurance Requirements Insurance has become part of the overall loss prevention plan supporting proper security. . . . The more comprehensive the security plan, the lower the cost of the insurance. —Robert J. Fisher and Gion Green, Introduction to Security, Seventh Edition, Butterworth-Heinemann, 2004
Having once been employed by what the Wall Street Journal described as “the world’s largest insurance brokerage firm,” this author is aware of just how little I know about the complex business of insurance. Nevertheless, working with some of the industry’s most outstanding brokers and risk managers from a number of Fortune 500 companies does give one an appreciation for, and some insight into, the vital role insurance plays in risk analysis and management. The reader is cautioned, however, that this chapter is only a brief introduction to some aspects of insurance of which the security professional should be aware. The advice of competent insurance professionals should always be obtained before deciding on, recommending, or considering insurance matters.
Risk Management Defined Risk management can be defined as the process by which an entity identifies its potential losses and then decides what is the best way to manage these potential losses. Once a risk is identified, analyzed, and evaluated, the optimum method of treating the risk can be chosen and put into effect. Security-related losses can occur as a result of a variety of factors, such as internal and external theft and manmade or natural disasters. Also, losses through fire, safety problems, and product or third-party liability are some of the immediate concerns of corporate risk managers. A properly performed risk analysis can be used for many things, but its end result is a definition of the effect risks have on a particular company, in terms of the company’s potential for loss. The analysis should tell where, when, and how the risk is likely to be incurred. It should also indicate the extent of loss or liability if the risk does in fact occur and how badly the company would be injured. The risk manager can then design a program to cover the potential losses, exposures, and liabilities. In dealing with most risks, the company is faced with three basic options: The risk can be avoided, eliminated, or reduced to manageable proportions. The risk can be assumed or retained.
l l
91
92 RISK ANALYSIS AND THE SECURITY SURVEY
The risk can be transferred to a third party. (Transfer to a third party generally implies transfer of liability to an insurance carrier.)
l
Risk Control The process of eliminating or reducing risk to manageable proportions is somewhat selfexplanatory. This is usually done by programming security and safety procedures to do away with problems or to reduce them to acceptable or manageable levels of severity. This is commonly referred to as loss prevention or control. By assuming the risk, the company makes itself liable for the loss, if any, that may be incurred. If the potential loss is deemed to be within the limits of an expected and otherwise acceptable dollar figure, the risk may be acknowledged and left alone. No effort is made to control, eliminate, or minimize the risk. No action is taken to correct the situation, and no insurance is purchased to cover it. In some cases, a company may develop some form of self-insurance, whereby the exposure or liability is assumed by the company itself. In most instances of risk assumption or retention, the risk is perceived to be small enough that management is willing to assume total responsibility and absorb, out of operating expenses, any losses that may occur—the rationale being that the cure would be worse than the disease. This is especially true in retail stores in which the costs of some losses can be passed on to the consumer. This is sometimes referred to as “the cost of doing business.” When a company transfers a risk, the risk manager, who usually works in conjunction with an insurance broker, endeavors to find the best insurance program available from carriers in the marketplace that provide the needed type of coverage. This is no simple task; it includes, among other things, determining the best deductible and premium payments available, which in the case of large companies often run into the millions of dollars annually. A risk manager is constantly faced with the problem of the selection of the best method (or if necessary, some combination of methods) of handling each identifiable risk. Regardless of the method or combination of methods used, some basic considerations affect most insurance programs. To be insurable, a risk must substantially meet the following requirements: The risk should be worth the cost and effort to insure. The risks are calculable, through large numbers of similar risks. l Losses can be clearly established as to occurrences and amounts. (This is especially important to the security professional who usually investigates the loss in question.) l Losses must be accidental in nature, unexpected, and unintentional on the part of the insured. l l
Crime Insurance Crime insurance is usually obtained to supplement a company’s security program. Although the presence or absence of insurance has no deterrent effect on crime, it does
Chapter 11 l Determining Insurance Requirements 93
reimburse the company in whole or in part for losses sustained in a burglary or robbery or from internal theft. Crime insurance should, like other coverage, be tailored to meet the specific needs of the client. As one insurance broker advises, “If you want to know exactly what your crime insurance policy covers, ask what it doesn’t cover.” At a minimum, most crime insurance programs begin with a “3D policy”—comprehensive dishonesty, disappearance, and destruction—a blanket crime or broad-form storekeepers’ policy. This coverage will usually reimburse a company for losses due to employee dishonesty or counterfeit currency, as well as for loss of money, securities, or merchandise through robbery, burglary, or mysterious disappearance. These policies also generally cover certain types of check forgery and damage to the premises or equipment resulting from a break-in. Some forms of specialized crime insurance coverage usually available for consideration include the following: Mercantile safe-burglary policy: covers loss of money, securities, and valuables from a safe or vault, and pays for damage to the container and any other property damage as a result of a burglary. l Mercantile open-stock policy: mostly used by retail firms as coverage against burglary or theft of merchandise, furniture, fixtures, and equipment on premises, and pays for damage to property resulting from a burglary. l Fidelity bonds: reimburse the employer for loss due to embezzlement and employee theft of money, securities, and other property. (Bonds cover certain positions; employees who directly handle money, cash receipts, and merchandise are often bonded.) l Forgery bonds: reimburse merchants and banks for any loss sustained from the forgery of business checks. l
Insurance premiums vary for these programs according to the type of business, store location, number of employees, maximum cash values, amount of security equipment (such as alarms) installed on the premises, and prior losses. Merchants operating in some high-risk crime areas and thus needing insurance are often the least able to afford the coverage due to high premiums. Further, it is difficult to find insurance companies willing to underwrite crime coverage in high-risk crime areas. Companies that experience a number of robberies or burglaries usually face escalating premiums or, worse, canceled policies. For many small businesses and commercial enterprises, insurance and an antiquated burglar alarm may be the only form of protection affordable. For large companies and corporations, things are much different. It is generally believed by knowledgeable corporate management, especially risk managers, that insurance should be used for protection only against risk that cannot be avoided or controlled through the effective use of property, casualty, and security techniques. (In the insurance industry, property protection is synonymous with fire, and casualty is synonymous with safety.) This change in philosophy has come into vogue because more and more managers are getting the message that loss prevention, through
94 RISK ANALYSIS AND THE SECURITY SURVEY
risk avoidance, elimination, or control, is the best approach for the preservation of corporate assets. It is also recognized that most insurance programs do not fully compensate a firm for a loss, regardless of the type of coverage. A vice president of a large California construction company complained bitterly because the police were unable to send a detective to one of the firm’s construction sites— a newly developed industrial park—to take a report and conduct an investigation into the theft of a $15,000 compressor that had been delivered to the site the day before. The police officer explained that he would have to take the report over the telephone. Further conversation with the officer revealed that little active investigation would be conducted in a case of this nature: it was regarded, the officer said, as “a problem between you and your insurance company.” What the officer was not aware of, and what the vice president soon found out, was that the construction company’s insurance policy had a $100,000 deductible clause—the theft of the $15,000 compressor would not be covered! The big problem, the vice president lamented, was not so much the cash outlay for a new compressor as the time it would take for delivery, which was going to cause him major difficulties in meeting his contracted deadline. What this example illustrates is that management must become more interested in avoiding loss, and not rest with the comfortable thought that the company is insured against “any and all eventualities.” There is no insurance company of which we are aware that would insure this vice president against the mental aggravation he went through; he is now, however, a believer in loss-control procedures as a solution to these kinds of problems. A word about deductibles: these clauses are intended to reduce the cost of insurance premiums by deliberately excluding small, frequent losses while covering large, serious ones. The premiums are less expensive for two reasons: small claims are excluded if they fall under the dollar amount of the deductible, and the carrier’s administrative cost of settling claims is also reduced. It is neither the intent of this text nor the purpose of this chapter to do more than explain some basic insurance considerations that most security professionals need to understand in order to do their job properly. Further information can be obtained by contacting the local chapter of the Risk Insurance Management Society (RIMS). The address and telephone number of the RIMS national headquarters is listed later in this chapter. Another good source is the business section of the public library. There is, however, one highly specialized form of insurance coverage that, because of historical developments during the past 40 years and the increase in international terrorism, should be given special consideration in this text—kidnap, ransom, and extortion insurance, known in the industry as “K & R coverage.”
K & R (Kidnap and Ransom) Coverage K & R insurance has been offered by Lloyds of London Underwriters for more than 100 years. During the 1970s, as the demand for K & R coverage increased, a number of other insurers entered this market. Generally, there is little to be concerned about with respect to the financial security offered by such companies as the American International Group
Chapter 11 l Determining Insurance Requirements 95
(AIG), Insurance Company of North America, the Chubb Insurance Company, and Lloyds Underwriters. Premium costs and the scope of coverage afforded under each of the companies’ policies are generally the basis for deciding from which carrier one decides to purchase insurance coverage. Such an analysis is normally done at the time the risk manager or broker chooses to explore insuring this risk. Because there is competition in the insurance business—not only from a premium-cost standpoint but also with regard to breadth of form—any coverage comparison here would serve little purpose. Generally, the basic coverage provides reimbursement for loss of monies surrendered as a ransom payment for actual or alleged kidnapping, or following receipt of a threat to injure or kidnap an insured person. In addition, some unique features, such as the following, are usually incorporated into the policy contract: A business premises extension reimburses for any monies that must be brought in from outside for any kidnap situation if the money is lost while it is on the premises. l A transit extension reimburses for any monies that are stolen between leaving the premises and reaching the kidnappers. l A reward extension includes coverage for monies paid to informants whose information leads to the arrest and conviction of the individuals responsible for the kidnapping or extortion. l A personal assets extension reimburses the insured for their personal assets that are used as a ransom payment if the demand is made on the insured person and not the corporation. l Negotiations, fees, and expenses reimburse for reasonable fees and expenses incurred to secure the release of a hostage, including interest on a bank loan to pay a ransom payment. l A property damage coverage extension provides coverage against threats that cause physical damage to property. l Defense costs, fees, and judgments cover costs resulting from any suit for damages brought by an insured person. The importance of this extension is underlined by an occurrence wherein a kidnapped executive later sued his employer for $185 million in damages, claiming that the employer had not exerted sufficient efforts to free him and had not taken steps to protect him from such an occurrence after being warned that the executive might be a target of abduction. l
There are some general requirements, relating to secrecy concerning the fact that the company has K & R insurance coverage, of which the security professional should be aware. Here we caution that the specific details of each policy must be studied and adhered to in the event of a kidnap; otherwise, the incident may be noninsurable. Some of these considerations include the following: The ransom or extortion demand must be specifically made against the named insured. The extortionate demand must be made during the time frame of coverage as set forth in the policy.
l l
96 RISK ANALYSIS AND THE SECURITY SURVEY
The company has taken every reasonable precaution to ensure that the existence of the coverage is not disclosed to anyone except senior officials of the corporation. l If a kidnap occurs, every reasonable effort is made to determine: 1. That an insured person has been abducted (note: not all policies cover all employees) 2. That the police or Federal Bureau of Investigation (FBI) has been notified before payment and that instructions and recommendations of the police and FBI in the best interest of the victim are accomplished to the extent possible 3. That the insurance company is notified at the earliest practical time 4. That the serial numbers of the ransom payment are recorded l
Some underwriters (insurance carriers) require that immediately upon obtaining coverage, written policy and procedural guidelines be established to eliminate the possibility of confusion with regard to the handling of these matters. Box 11.1 lists a number of topics that must be considered in establishing procedural guidelines. As will be discussed more thoroughly in Chapter 18, Crisis Management Planning for Kidnap, Ransom, and Extortion, a more prudent course of action is to develop a crisis management program specifically tailored to the requirements based on the insured corporation’s requirements. One of the benefits of such planning is to eliminate confusion before the incident occurs. Once a kidnapping occurs, confusion usually reigns supreme if there is no wellthought-out and rehearsed plan. Even under the best of circumstances, there is high drama and many emotional issues involved when a kidnapping is first reported.
BOX 11.1 EXECUTIVE PROTECTION PROGRAM OUTLINE I. Home and Family A. General information B. Telephone numbers, including cell phone and vacation numbers C. Biographical data and full descriptions (include DNA samples) D. The executive E. The executive’s spouse F. The executive’s children 1. General information 2. Babysitters 3. Schools G. Residence in general—home checklist H. Training for security awareness I. Doors and locks J. Alarm systems K. Lighting 1. Exterior 2. Interior L. Fence and barriers
Chapter 11 l Determining Insurance Requirements 97
BOX 11.1 (Continued) M. Window grilles N. Dogs O. Safe room II. Office and Work A. Premises—general B. Access control C. The executive D. Executive profile E. Employees and associates 1. Office rules and work procedures 2. Meetings F. Security guards G. Bombs 1. Surveys 2. Target hardening 3. The bomb incident 4. Letter and package bombs 5. Antibomb curtaining H. Threats 1. Telephone 2. Written I. Hostage J. Hostage calls III. Travel A. Automobile B. Chauffeurs C. Defensive driving D. Walking 1. Jogging, golfing, and tennis E. Elevators F. Taxicabs G. Aircraft 1. Company 2. Commercial H. Overseas or long-distance travel I. Reservations IV. Personal Protection A. Firearms—defense 1. Laws B. Choosing a defense weapon C. Firearms proficiency D. Weapon—method of carrying (Continued)
98 RISK ANALYSIS AND THE SECURITY SURVEY
BOX 11.1 (Continued) E. Bodyguard 1. Selection 2. Personal qualifications 3. Professional qualifications 4. Guarding—locally 5. Guarding—away from home 6. Visitor protection 7. Motorcades 8. Public appearances F. Protective clothing V. Crisis Management Team (CMT) A. Defined 1. Purpose 2. Composition 3. Scope B. Organization and planning 1. Readiness plan (prevention) 2. Contingency plan a. Worst possible case scenario 3. Training the team C. Intelligence training D. Law enforcement liaison E. Public relations considerations F. Ransom 1. Policy and procedures 2. Limitations 3. Negotiations G. Civil liability considerations 1. Injury of employee(s) 2. Wrongful death claim 3. Stockholder suits
These are some subjects that may need attention. The list is by no means exhaustive. It is our experience that a comprehensive K & R plan should be tailored to the organization, its executives, and the personnel insured. We have found no other way to ensure that all the bases are covered. And, once the plan is developed, it must be constantly reviewed and updated as events and personnel change. An outdated plan is worse than no plan at all. For serious students of risk management and security professionals who want to understand better how insurance relates to their jobs, we recommend contacting Risk Insurance Management Society (RIMS) Publishing, Inc., 1065 Avenue of the Americas, 13th Floor, New York City, NY 10018 at (212) 286-0202 and subscribing to Risk Management, a monthly magazine published by the RIMS.
Having once been employed by what the Wall Street Journal described as “the world’s largest insurance brokerage firm,” this author is aware of just how little I know about the complex business of insurance. Nevertheless, working with some of the industry’s most outstanding brokers and risk managers from a number of Fortune 500 companies does give one an appreciation for, and some insight into, the vital role insurance plays in risk analysis and management. The reader is cautioned, however, that this chapter is only a brief introduction to some aspects of insurance of which the security professional should be aware. The advice of competent insurance professionals should always be obtained before deciding on, recommending, or considering insurance matters.
Risk Management Defined Risk management can be defined as the process by which an entity identifies its potential losses and then decides what is the best way to manage these potential losses. Once a risk is identified, analyzed, and evaluated, the optimum method of treating the risk can be chosen and put into effect. Security-related losses can occur as a result of a variety of factors, such as internal and external theft and manmade or natural disasters. Also, losses through fire, safety problems, and product or third-party liability are some of the immediate concerns of corporate risk managers. A properly performed risk analysis can be used for many things, but its end result is a definition of the effect risks have on a particular company, in terms of the company’s potential for loss. The analysis should tell where, when, and how the risk is likely to be incurred. It should also indicate the extent of loss or liability if the risk does in fact occur and how badly the company would be injured. The risk manager can then design a program to cover the potential losses, exposures, and liabilities. In dealing with most risks, the company is faced with three basic options: The risk can be avoided, eliminated, or reduced to manageable proportions. The risk can be assumed or retained.
l l
91
92 RISK ANALYSIS AND THE SECURITY SURVEY
The risk can be transferred to a third party. (Transfer to a third party generally implies transfer of liability to an insurance carrier.)
l
Risk Control The process of eliminating or reducing risk to manageable proportions is somewhat selfexplanatory. This is usually done by programming security and safety procedures to do away with problems or to reduce them to acceptable or manageable levels of severity. This is commonly referred to as loss prevention or control. By assuming the risk, the company makes itself liable for the loss, if any, that may be incurred. If the potential loss is deemed to be within the limits of an expected and otherwise acceptable dollar figure, the risk may be acknowledged and left alone. No effort is made to control, eliminate, or minimize the risk. No action is taken to correct the situation, and no insurance is purchased to cover it. In some cases, a company may develop some form of self-insurance, whereby the exposure or liability is assumed by the company itself. In most instances of risk assumption or retention, the risk is perceived to be small enough that management is willing to assume total responsibility and absorb, out of operating expenses, any losses that may occur—the rationale being that the cure would be worse than the disease. This is especially true in retail stores in which the costs of some losses can be passed on to the consumer. This is sometimes referred to as “the cost of doing business.” When a company transfers a risk, the risk manager, who usually works in conjunction with an insurance broker, endeavors to find the best insurance program available from carriers in the marketplace that provide the needed type of coverage. This is no simple task; it includes, among other things, determining the best deductible and premium payments available, which in the case of large companies often run into the millions of dollars annually. A risk manager is constantly faced with the problem of the selection of the best method (or if necessary, some combination of methods) of handling each identifiable risk. Regardless of the method or combination of methods used, some basic considerations affect most insurance programs. To be insurable, a risk must substantially meet the following requirements: The risk should be worth the cost and effort to insure. The risks are calculable, through large numbers of similar risks. l Losses can be clearly established as to occurrences and amounts. (This is especially important to the security professional who usually investigates the loss in question.) l Losses must be accidental in nature, unexpected, and unintentional on the part of the insured. l l
Crime Insurance Crime insurance is usually obtained to supplement a company’s security program. Although the presence or absence of insurance has no deterrent effect on crime, it does
Chapter 11 l Determining Insurance Requirements 93
reimburse the company in whole or in part for losses sustained in a burglary or robbery or from internal theft. Crime insurance should, like other coverage, be tailored to meet the specific needs of the client. As one insurance broker advises, “If you want to know exactly what your crime insurance policy covers, ask what it doesn’t cover.” At a minimum, most crime insurance programs begin with a “3D policy”—comprehensive dishonesty, disappearance, and destruction—a blanket crime or broad-form storekeepers’ policy. This coverage will usually reimburse a company for losses due to employee dishonesty or counterfeit currency, as well as for loss of money, securities, or merchandise through robbery, burglary, or mysterious disappearance. These policies also generally cover certain types of check forgery and damage to the premises or equipment resulting from a break-in. Some forms of specialized crime insurance coverage usually available for consideration include the following: Mercantile safe-burglary policy: covers loss of money, securities, and valuables from a safe or vault, and pays for damage to the container and any other property damage as a result of a burglary. l Mercantile open-stock policy: mostly used by retail firms as coverage against burglary or theft of merchandise, furniture, fixtures, and equipment on premises, and pays for damage to property resulting from a burglary. l Fidelity bonds: reimburse the employer for loss due to embezzlement and employee theft of money, securities, and other property. (Bonds cover certain positions; employees who directly handle money, cash receipts, and merchandise are often bonded.) l Forgery bonds: reimburse merchants and banks for any loss sustained from the forgery of business checks. l
Insurance premiums vary for these programs according to the type of business, store location, number of employees, maximum cash values, amount of security equipment (such as alarms) installed on the premises, and prior losses. Merchants operating in some high-risk crime areas and thus needing insurance are often the least able to afford the coverage due to high premiums. Further, it is difficult to find insurance companies willing to underwrite crime coverage in high-risk crime areas. Companies that experience a number of robberies or burglaries usually face escalating premiums or, worse, canceled policies. For many small businesses and commercial enterprises, insurance and an antiquated burglar alarm may be the only form of protection affordable. For large companies and corporations, things are much different. It is generally believed by knowledgeable corporate management, especially risk managers, that insurance should be used for protection only against risk that cannot be avoided or controlled through the effective use of property, casualty, and security techniques. (In the insurance industry, property protection is synonymous with fire, and casualty is synonymous with safety.) This change in philosophy has come into vogue because more and more managers are getting the message that loss prevention, through
94 RISK ANALYSIS AND THE SECURITY SURVEY
risk avoidance, elimination, or control, is the best approach for the preservation of corporate assets. It is also recognized that most insurance programs do not fully compensate a firm for a loss, regardless of the type of coverage. A vice president of a large California construction company complained bitterly because the police were unable to send a detective to one of the firm’s construction sites— a newly developed industrial park—to take a report and conduct an investigation into the theft of a $15,000 compressor that had been delivered to the site the day before. The police officer explained that he would have to take the report over the telephone. Further conversation with the officer revealed that little active investigation would be conducted in a case of this nature: it was regarded, the officer said, as “a problem between you and your insurance company.” What the officer was not aware of, and what the vice president soon found out, was that the construction company’s insurance policy had a $100,000 deductible clause—the theft of the $15,000 compressor would not be covered! The big problem, the vice president lamented, was not so much the cash outlay for a new compressor as the time it would take for delivery, which was going to cause him major difficulties in meeting his contracted deadline. What this example illustrates is that management must become more interested in avoiding loss, and not rest with the comfortable thought that the company is insured against “any and all eventualities.” There is no insurance company of which we are aware that would insure this vice president against the mental aggravation he went through; he is now, however, a believer in loss-control procedures as a solution to these kinds of problems. A word about deductibles: these clauses are intended to reduce the cost of insurance premiums by deliberately excluding small, frequent losses while covering large, serious ones. The premiums are less expensive for two reasons: small claims are excluded if they fall under the dollar amount of the deductible, and the carrier’s administrative cost of settling claims is also reduced. It is neither the intent of this text nor the purpose of this chapter to do more than explain some basic insurance considerations that most security professionals need to understand in order to do their job properly. Further information can be obtained by contacting the local chapter of the Risk Insurance Management Society (RIMS). The address and telephone number of the RIMS national headquarters is listed later in this chapter. Another good source is the business section of the public library. There is, however, one highly specialized form of insurance coverage that, because of historical developments during the past 40 years and the increase in international terrorism, should be given special consideration in this text—kidnap, ransom, and extortion insurance, known in the industry as “K & R coverage.”
K & R (Kidnap and Ransom) Coverage K & R insurance has been offered by Lloyds of London Underwriters for more than 100 years. During the 1970s, as the demand for K & R coverage increased, a number of other insurers entered this market. Generally, there is little to be concerned about with respect to the financial security offered by such companies as the American International Group
Chapter 11 l Determining Insurance Requirements 95
(AIG), Insurance Company of North America, the Chubb Insurance Company, and Lloyds Underwriters. Premium costs and the scope of coverage afforded under each of the companies’ policies are generally the basis for deciding from which carrier one decides to purchase insurance coverage. Such an analysis is normally done at the time the risk manager or broker chooses to explore insuring this risk. Because there is competition in the insurance business—not only from a premium-cost standpoint but also with regard to breadth of form—any coverage comparison here would serve little purpose. Generally, the basic coverage provides reimbursement for loss of monies surrendered as a ransom payment for actual or alleged kidnapping, or following receipt of a threat to injure or kidnap an insured person. In addition, some unique features, such as the following, are usually incorporated into the policy contract: A business premises extension reimburses for any monies that must be brought in from outside for any kidnap situation if the money is lost while it is on the premises. l A transit extension reimburses for any monies that are stolen between leaving the premises and reaching the kidnappers. l A reward extension includes coverage for monies paid to informants whose information leads to the arrest and conviction of the individuals responsible for the kidnapping or extortion. l A personal assets extension reimburses the insured for their personal assets that are used as a ransom payment if the demand is made on the insured person and not the corporation. l Negotiations, fees, and expenses reimburse for reasonable fees and expenses incurred to secure the release of a hostage, including interest on a bank loan to pay a ransom payment. l A property damage coverage extension provides coverage against threats that cause physical damage to property. l Defense costs, fees, and judgments cover costs resulting from any suit for damages brought by an insured person. The importance of this extension is underlined by an occurrence wherein a kidnapped executive later sued his employer for $185 million in damages, claiming that the employer had not exerted sufficient efforts to free him and had not taken steps to protect him from such an occurrence after being warned that the executive might be a target of abduction. l
There are some general requirements, relating to secrecy concerning the fact that the company has K & R insurance coverage, of which the security professional should be aware. Here we caution that the specific details of each policy must be studied and adhered to in the event of a kidnap; otherwise, the incident may be noninsurable. Some of these considerations include the following: The ransom or extortion demand must be specifically made against the named insured. The extortionate demand must be made during the time frame of coverage as set forth in the policy.
l l
96 RISK ANALYSIS AND THE SECURITY SURVEY
The company has taken every reasonable precaution to ensure that the existence of the coverage is not disclosed to anyone except senior officials of the corporation. l If a kidnap occurs, every reasonable effort is made to determine: 1. That an insured person has been abducted (note: not all policies cover all employees) 2. That the police or Federal Bureau of Investigation (FBI) has been notified before payment and that instructions and recommendations of the police and FBI in the best interest of the victim are accomplished to the extent possible 3. That the insurance company is notified at the earliest practical time 4. That the serial numbers of the ransom payment are recorded l
Some underwriters (insurance carriers) require that immediately upon obtaining coverage, written policy and procedural guidelines be established to eliminate the possibility of confusion with regard to the handling of these matters. Box 11.1 lists a number of topics that must be considered in establishing procedural guidelines. As will be discussed more thoroughly in Chapter 18, Crisis Management Planning for Kidnap, Ransom, and Extortion, a more prudent course of action is to develop a crisis management program specifically tailored to the requirements based on the insured corporation’s requirements. One of the benefits of such planning is to eliminate confusion before the incident occurs. Once a kidnapping occurs, confusion usually reigns supreme if there is no wellthought-out and rehearsed plan. Even under the best of circumstances, there is high drama and many emotional issues involved when a kidnapping is first reported.
BOX 11.1 EXECUTIVE PROTECTION PROGRAM OUTLINE I. Home and Family A. General information B. Telephone numbers, including cell phone and vacation numbers C. Biographical data and full descriptions (include DNA samples) D. The executive E. The executive’s spouse F. The executive’s children 1. General information 2. Babysitters 3. Schools G. Residence in general—home checklist H. Training for security awareness I. Doors and locks J. Alarm systems K. Lighting 1. Exterior 2. Interior L. Fence and barriers
Chapter 11 l Determining Insurance Requirements 97
BOX 11.1 (Continued) M. Window grilles N. Dogs O. Safe room II. Office and Work A. Premises—general B. Access control C. The executive D. Executive profile E. Employees and associates 1. Office rules and work procedures 2. Meetings F. Security guards G. Bombs 1. Surveys 2. Target hardening 3. The bomb incident 4. Letter and package bombs 5. Antibomb curtaining H. Threats 1. Telephone 2. Written I. Hostage J. Hostage calls III. Travel A. Automobile B. Chauffeurs C. Defensive driving D. Walking 1. Jogging, golfing, and tennis E. Elevators F. Taxicabs G. Aircraft 1. Company 2. Commercial H. Overseas or long-distance travel I. Reservations IV. Personal Protection A. Firearms—defense 1. Laws B. Choosing a defense weapon C. Firearms proficiency D. Weapon—method of carrying (Continued)
98 RISK ANALYSIS AND THE SECURITY SURVEY
BOX 11.1 (Continued) E. Bodyguard 1. Selection 2. Personal qualifications 3. Professional qualifications 4. Guarding—locally 5. Guarding—away from home 6. Visitor protection 7. Motorcades 8. Public appearances F. Protective clothing V. Crisis Management Team (CMT) A. Defined 1. Purpose 2. Composition 3. Scope B. Organization and planning 1. Readiness plan (prevention) 2. Contingency plan a. Worst possible case scenario 3. Training the team C. Intelligence training D. Law enforcement liaison E. Public relations considerations F. Ransom 1. Policy and procedures 2. Limitations 3. Negotiations G. Civil liability considerations 1. Injury of employee(s) 2. Wrongful death claim 3. Stockholder suits
These are some subjects that may need attention. The list is by no means exhaustive. It is our experience that a comprehensive K & R plan should be tailored to the organization, its executives, and the personnel insured. We have found no other way to ensure that all the bases are covered. And, once the plan is developed, it must be constantly reviewed and updated as events and personnel change. An outdated plan is worse than no plan at all. For serious students of risk management and security professionals who want to understand better how insurance relates to their jobs, we recommend contacting Risk Insurance Management Society (RIMS) Publishing, Inc., 1065 Avenue of the Americas, 13th Floor, New York City, NY 10018 at (212) 286-0202 and subscribing to Risk Management, a monthly magazine published by the RIMS.