WeiserMazars LLP is an independent member firm of Mazars Group. MANAGING RISK FOR NONPROFITS June 15, 2016 – New York, NY

WeiserMazars nonprofit risk presentation Konrad segment 061516


MANAGING RISK FOR NONPROFITS

June 15, 2016 – New York, NY


TODAY’S TOP THREATS AND HOW TO MANAGE THEM

PRESENTED BY: SCOTT KONRAD

HUB INTERNATIONAL NORTHEAST LIMITED


DISCUSSION THEMES

Why worry about risk?

Strategy first – insurance last

Top risks and remedies


WHY WORRY ABOUT RISK?

“Nonprofit Leader Allegedly Attacked in Embezzlement Cover‐Up” (04/06/16)
“Donations to Wounded Warrior Project Slow After Spending Scandal” (03/14/16)
“Cancer Charity That Raised $10 Million Admits Bogus Claims” (12/17/15)
“Duluth Diocese in Bankruptcy After $4.8 Million Abuse Award” (12/08/15)
“NY Charity Accused of Bilking Teens on Summer‐Job Pay” (08/14/15)
“California to Investigate Group Behind Planned Parenthood Videos” (07/27/15)
“Pakistan Expels Aid Agency Save the Children” (06/11/15)
“Perp Walk: Nonprofit ED Gets Jail Time” (05/18/15)
“Nepal Earthquake: Americans Stuck as Death Toll Rises” (04/27/15)
“Suit Claims AIDS Charity Bilked $20 Million in Federal Funds” (04/09/15)
“$19 Million Loss Slams Doors on NY Agency” (02/03/15)
“Boy Scouts Ordered to Pay $7 Million” (12/17/14)
“Ebola Tests Insurers’ Medical Evacuation Services as Airlines Cut Flights” (10/13/14)
“Suit Alleges $2 Million Embezzlement by Ex‐PBS Official” (09/26/14)
“Livestrong Gifts Fell by a Third After Armstrong Admission” (09/12/14)
“Lawsuit: NY Charity Threw Parties While Missing Paychecks” (08/05/14)
And more...


YOUR RISK LANDSCAPE


Transportation

Cyber

Employment practices

Special events

Travel & security

Terrorism

Professional services

Weather events

Occupational injuries

Habitational risk

Volunteer risk

Abuse and molestation

Employee and volunteer dishonesty

Student life and activities

Management liability

Fine Arts risk

Operations abroad

Media liability

…and more


STRATEGY FIRST – INSURANCE LAST


Assess & Identify Risks

• What risks do you face?
• How frequent?
• How severe?
• Worst‐case impact?

Avoid & Reduce Risks

• Due diligence in new ventures
• Property protection
• Safety programs
• Travel risk management
• HR policies
• Other preventive measures

Transfer Risks

• Consider all key contracts
• Which way does risk flow?
• Does the ‘other guy’ have the Right Stuff?
• Do you?

Retain Risks

• Look at your loss history
• Avoid ‘trading dollars’ for low deductibles
• Absorb risk that’s predictable and affordable


TOP RISKS & REMEDIES: INFORMATION RISK

Everyone has data: from clients, donors, employees, grantees, business partners

The state‐of‐the‐art in technology has advanced

The legal landscape has become more complex

The standard of expected conduct is higher

Nonprofits tend to be resource‐challenged

Online giving is on the rise

– 9.2% of total giving
– Expanding mobile payment capabilities
– Crowdfunding for social causes projected @ $6B


INFORMATION RISK: 4 TYPES OF DATA

PII – Personally Identifiable Information

– e.g., Name in combination with Social Security number, driver’s license number, bank account information, credit card information, online/financial account username and password

PHI – Protected Health Information

– Information relating to provision of healthcare, mental/physical condition, payment for provision of healthcare that identifies or can be used to identify individual

PCI – Payment Card Industry Information

– Cardholder data

Intellectual Property


INFORMATION RISK: HOW DO INCIDENTS OCCUR?

Internal, accidental: Lost Devices & Inadvertent Publication of Data

Internal, intentional: Disgruntled Employees

External, accidental: Vendors & Subcontractors

External, intentional: Hackers & Unsecured Websites


INFORMATION RISK: BEST PRACTICES CHECKLIST

Cybersecurity governance and risk management – Board engagement

Cybersecurity risk assessments

Technical controls

Incident response planning

Staff training

Cyber intelligence and information sharing

Third‐party/vendor management

Cyber insurance – risk financing tool


INFORMATION RISK: INSURANCE CONSIDERATIONS

Which exposures to insure

– First‐party: Damage to your network, digital assets; breach response costs
– Liability: Damage to others’ network(s) and digital assets; privacy liability
– Regulatory costs, including defense costs
– Media Liability

Availability of insurer and broker breach coaching

Breadth of policy contract – no two products are built alike

Coverage territory

Insurer expertise and financial strength

Cost


TOP RISKS & REMEDIES: OPERATIONAL RESILIENCY

The ability to adapt to, and to withstand, changes to the normal operating environment

– Emergency response – incipient stage
– Disaster recovery – aftermath
– Operational continuity – longer‐term

Many potential causes of interruption: facility‐related damage (fire, explosion, water damage), utility interruption, natural catastrophe, IT breach/outage

Interruption can threaten your revenue stream and trigger expense increases

Incalculable ripple effects

Many nonprofits remain unprepared


ORGANIZATIONAL RESILIENCE HIERARCHY


OPERATIONAL RESILIENCY: A STITCH IN TIME SAVES NINE

Assemble a business continuity team

– Define roles, responsibilities, communications
– Enlist executive support

Collect data

– Critical functions
– Important contacts
– Critical vendors
– Alternate sites
– Vital records

Create recovery plans

– Strategies and tasks
– Internal and external resources

Activate, test, and refine plans


OPERATIONAL RESILIENCY: INSURANCE CONSIDERATIONS

Time element exposures and values

Indirect exposures

– Civil authority
– Ingress/egress
– Off‐premises utility interruption
– Contingent business interruption

Extended period of indemnity

Other coverage extensions

Designated adjuster

Insurer expertise and financial strength

Cost


TOP RISKS & REMEDIES: NONOWNED AUTO LIABILITY

Civil liability to entity from employee/volunteer use of personal cars in business

– Respondeat superior creates agency

Catastrophic potential

Almost every nonprofit is exposed

– Entity perceived as “deep pocket”

Entity relies on its insurance – driver looks to his/her own personal insurance

Increasing exposure because of distracted driving

Increasing scrutiny by commercial insurers

Murky subject – definitive policies often lacking


NONOWNED AUTO LIABILITY: MITIGATING YOUR RISK

Nonowned Auto Use Agreement – between Entity and individual driver

– Minimum acceptable personal insurance limits

– Current state vehicle registration/inspections

– Vehicle maintained in safe operating condition when used for business

– Proof of acceptable personal insurance and changes

– Ancillary equipment designed/rated for use intended by Entity

– Acceptable motor vehicle report (MVR)

– No “Business Use” exclusion in personal insurance

Organizational Vehicle Use Policy

– Vehicle use rules
– Distracted driving
– Driver selection criteria, including internal point system for moving violations
– Rental vehicle policy
– Post‐accident investigation responsibilities


RESOURCES

Nonprofit Risk Management Center: http://nonprofitrisk.org

eRiskHub®: https://eriskhub.com – contact Scott Konrad for access credentials

HUB Data Breach Cost Calculator: https://www.hubinternational.com/business-insurance/cyber-risk-solutions/tools/data-breach-cost-calculator/

“Why Nonprofits Can’t Afford to Ignore Cyber Risk” (LinkedIn Pulse): https://www.linkedin.com/pulse/why-nonprofits-cant-afford-ignore-cyber-risk-scott-konrad?trk=pulse_spock-articles

“But We Don’t Own Any Vehicles” (LinkedIn Pulse): https://www.linkedin.com/pulse/we-dont-own-any-vehicles-scott-konrad?trk=mp-author-card

HUB Crisis Management Center: http://www.hubinternational.com/crisis-management

Insurance & Risk Management Terms (International Risk Management Institute): http://www.irmi.com/forms/online/insurance-glossary/terms.aspx


FOR MORE INFORMATION


Scott R. Konrad
Senior Vice President
Not‐for‐Profit Business Practice Leader
HUB International Northeast Limited
5 Bryant Park | 1065 Avenue of the Americas
New York, NY 10018
(212) 338 2295 Direct
(347) 491 9671 [email protected]

Scott Konrad is a Senior Vice President of HUB International Northeast, with responsibility to build, brand, grow and lead a specialty practice serving the insurance, risk management, and employee benefit needs of tax‐exempt organizations.  An industry veteran with 39 years of experience, Scott began his insurance career with Liberty Mutual Insurance Company. He transitioned several years later to the brokerage sector, serving in a variety of claim management, sales leadership, and relationship management roles with global brokers Johnson & Higgins, Marsh & McLennan, and Willis, over the majority of his career. From 1996 to 2003, Scott was an officer of the Church Insurance Companies, the denominational insurance arm of the Episcopal Church, for which he established a regional service center and managed deployment of the companies' products and services to over 2,000 institutional clients in 20 Episcopal dioceses throughout 11 Northeastern states. Scott joined HUB in 2013 from Crystal & Company, an independent, privately‐owned broker. A graduate of Colgate University, Scott has been recognized by Risk & Insurance magazine as a Power Broker® to the Nonprofit sector for the past six consecutive years, and he is a frequent speaker and author on nonprofit risk management themes. He launched  and fronts HUB’s corporate partnerships with InsideNGO and the Nonprofit Risk Management Center. Scott is accredited in Risk Management for Churches and Schools by the University of Cambridge (UK), and serves on the diocesan insurance board for the Episcopal Diocese of Connecticut.