Emerging threats can make standard professional policies and directors and officers (D&O) insurance a little less standard. As banking’s liability landscape evolves, community banks should review their coverage and update it as appropriate.
Professional liability vs. D&O
Most banks carry both professional liability coverage and D&O insurance. Both cover bank liabilities but in different ways.
Professional liability coverage—sometimes called errors and omissions (E&O)—protects a bank against liability in three areas: lending, professional services and trusts.
Lender liability coverage protects against the financial consequences of breach of contract, misrepresentation related to the issuance of a loan and wrongful foreclosure, says Jerry Keup, CPCU, national underwriting officer for banks at Travelers.
Professional services coverage addresses damages from errors and omissions a bank might make during fee-based financial services, such as wire transfers, brokerage services, tax planning, wealth planning, data processing or the work of in-house insurance agencies.
Trust E&O coverage does the same for any errors and omissions made in a bank’s trust activities. “[Within trust E&O coverage,] the claims we see most often are allegations against the bank for selling trust assets [at too low of a price or for managing the trust assets] in ways that aren’t consistent with what’s in the trust agreement,” Keup says.
A directors and officers (D&O) policy, by contrast, protects a bank’s board members and employees against allegations of mismanagement, errors and omissions. It also protects the personal assets of directors, officers and employees if they’re sued for alleged wrongdoing while managing the bank, says Tina Hobbs, assistant vice president for underwriting at AmTrust Financial Services.
“D&O insurance is a necessity to help banks attract and retain [quality executives and board members],” Keup says. “It lets people confidently serve as organization leaders without worrying about potential costs.”
What should policies include?
According to Hobbs, a typical management liability policy combines coverage of D&O, lender, employment practices, fiduciary and professional liability. Coverage against cyber risks typically comes from a separate policy.
Hobbs and Keup agree that banks should look for specific expertise in the financial sector when choosing an insurer. Hobbs points out that community banks can have high potential exposure, much of it industry specific. Choosing an insurer that can structure comprehensive coverage around a bank’s needs “can make the difference in a covered versus an uncovered claim,” she says.
According to Keup, “Banks live in an uncertain environment.” Insurance carriers that have long track records with community banks are most likely to understand the best ways to structure their policies. He adds that banks should look for carriers with strong balance sheets and a consistent claims-paying reputation with claims attorneys who specialize in banks.
A local presence can be helpful, too, because it helps the bank and the insurer form a closer relationship.
Costs can vary
Santa Cruz County Bank in Santa Cruz, Calif., typically gets quotes via its broker for expiring policies from three or four insurance companies, all of them with industry expertise in writing policies for an institution of its size. “We might go to a broker, someone who can source more deals for us because they have more relationships in the industry,” says Maxwell Sinclair, chief risk officer for the $1.71 billion-asset community bank. His bank might pay between $139,000 and $145,000 in annual premiums for D&O coverage, around $24,000 for financial institution bond insurance and about $40,000 for cyber coverage.
How much a bank pays depends in part on how its infrastructure is set up and whether it’s had any claims. Sinclair says insurance companies want to see the threat intelligence a bank uses to monitor potential threats, training provided across the enterprise, multifactor authentication and various cybersecurity tools that will prevent people from hacking or breaking in. Each year, Santa Cruz County Bank’s internal audit team conducts vulnerability and penetration testing along with an Information Technology General Controls review as part of its IT governance process.
Where it makes sense, it can be helpful for all of a bank’s coverage to come from a single company. According to Keup, some carriers also have strong property insurance and casualty insurance capabilities, so a bank can have all coverages with the same company.
Which risks might spur policy assessment?
Cyber liability coverage continues to evolve, Keup says, and it’s also important to stay up to date on D&O and lender liability claims in commercial real estate. For publicly traded institutions, heightened volatility in bank stocks has persisted since the bank failures in March 2023. Negative earnings announcements during this period have led to stock drop claims from investors on the D&O policy. Banks should also review D&O policies for any regulatory exclusions that might matter before or after a bank failure, as well as around carve backs for banks in receivership, Hobbs says.
For Santa Cruz County Bank, areas of focus include cybersecurity, compliance, operations and reputation risk. Because reputation risk bears on insurance coverage, Sinclair highlights the importance of monitoring “reputation risk—a director doing or saying something that would affect the bank’s reputation.” Santa Cruz County Bank is also focused on mitigating any potential breaches of fiduciary responsibility and covering possible BSA/AML errors.
“Knowing our customers is very important, as is insuring against the possibility that we’ll miss something,” Sinclair says. “The bank could get fined by regulators or be subject to possible enforcement action.”