Bulletins

Insurance Bulletin, 12 March 2015

In this issue: Regulation and legislation; Market developments; Court cases and arbitration

1. Regulation and legislation

England and Wales: FCA/PRA consultation on insurance whistle-blowing UK

A joint consultation on whistle-blowing within insurers has been published by the FCA and the PRA. The consultation also relates to deposit-takers and PRA-designated investment firms.

Proposed whistle-blowing measures would be implemented through amendments to the Senior Management Arrangements, Systems and Controls sourcebook. The PRA also intends to introduce a new part of the Rulebook to deal with whistle-blowing within insurers.

The consultation document sets out proposals which, if implemented, would require insurers to take steps including:

Putting in place whistle-blowing arrangements.
Informing their UK employees of arrangements.
Offering protections to whistleblowers.
Including protective provisions in new employment contracts and settlement agreements.
Allocating management responsibility for whistle-blowing to an individual to be known as the “whistleblowers’ champion”.

The consultation document can be found here: http://www.bankofengland.co.uk/pra/Documents/publications/cp/2015/cp615.pdf. The deadline for responses is 22 May 2015.

For more information, please contact Ben Atkinson, Associate, on +44 (0)20 7264 8238, or ben.atkinson@hfw.com, or your usual contact at HFW.

England and Wales: Insurer fined for data protection breach

The Information Commissioner’s Office (ICO) has fined an online travel insurer £175,000 for failing to keep customers’ personal information secure. This amounted to a breach of the seventh data protection principle enshrined in the Data Protection Act 1998.

Attackers gained access, via the firm’s website, to a database containing approximately three million customer records, including over 110,000 live credit card details, as well as customers’ medical details. The compromised credit card details included security numbers, despite industry rules against their storage. Over 5,000 customers had their credit cards used fraudulently as a result.

The attackers had been able to exploit flaws in the firm’s system (some of which had existed for five years) to gain access to customer information.

In particular, the ICO found that the firm:

Did not have any adequate IT security policy or procedures in place.
As a consequence, had failed to update software which could have prevented the attack.

The ICO regarded these as serious and unacceptable failings, reflected in the level of penalty imposed.

A copy of the monetary penalty notice can be found here: https://ico.org.uk/media/action-weve-taken/mpns/1043368/staysure-monetary-penalty-notice.pdf. The case is a reminder of the responsibilities which insurers have in respect of customer data and the serious consequences which can follow from breach of the relevant obligations. Firms suffering data security breaches are not only at risk of ICO fines but in certain circumstances can also face enforcement action for breach of the FCA’s financial crime requirements. Insurers should accordingly make sure that they are properly advised as to their data protection responsibilities.

For more information, please contact Ben Atkinson, Associate, on +44 (0)20 7264 8238, or ben.atkinson@hfw.com, or your usual contact at HFW.

2. Market developments

England and Wales: Bank of England widens scope of personal liability regime

In July 2014, the Bank of England first proposed a new code for insurers and senior bankers which would heavily sanction executives under a new offence for reckless decisions causing a financial institution to fail. The proposals for the code have now been widened to include senior non-executives alongside chairmen in a tough new personal liability regime which was recently unveiled.

No enforcement action has been undertaken so far against top executives due to the difficulties in proving ultimate responsibility for decisions at the top end. The new code is due to take effect next year and will allow authorities to punish top executives with substantial fines likely to be significantly greater than existing levels, lifetime bans and even prosecution for reckless mis-management.

This is one of the most stringent codes in the world for individuals at the top of insurance companies and banks and is unlike any other regime. It is an attempt to crackdown on malpractice in the City following the financial crisis. Following a consultation next month on the new code, it is envisaged that the code will also apply to foreign banks’ UK branches.

The new code also replaces the Approved Persons regime with a Senior Managers regime although the process for applying for approval from the PRA/FCA as a Senior Manager will be similar to the old regime. The code effectively puts the onus on a Senior Manager (as defined in the code as being an approved individual with a Senior Management Function (SMF)) to prove to regulators that they took steps to stop the wrongdoers, rather than putting the onus on the authorities where the burden of proof would normally lie. As such, there is a fear that the code will discourage non-executives from joining boards at a time when they are most needed.

The PRA’s intended approach is to use the code for the most extreme cases and where necessary. They are not looking for a swath of high profile enforcement actions. Organisations need to ensure they have individuals on the board with the right skills who are prepared to dedicate an appropriate amount of time to this vital role.

For more information, please contact Josianne El Antoury, Associate, on +44 (0)20 7264 8012, or josianne.elantoury@hfw.com, or your usual contact at HFW.

3. Court cases and arbitration

UK: Contractor’s Liability Insurance: Aspen v Adana¹

In this important construction insurance case, Judge Mackie at first instance had ruled that a “lump of concrete”, cast in situ by a building contractor, was not a “product” under Adana’s liability insurance policy. The Court of Appeal recently agreed with this, in different terms. In partially overturning the Judge, the Court of Appeal held that Aspen does not insure Adana Construction in respect of damage to a crane which collapsed due to the failure of its foundation works to fulfil their intended function, but does face potential public liability exposure in respect of other (alleged) liabilities to third parties. The appeal Court’s judgment contains findings and observations of general importance for Public and Products liability insurance in the construction context.

Adana was sub-contracted to supply labour, plant and materials so as to fabricate (but not design) four concrete crane-base/pile caps. Four piles had already been installed (by another), one for each crane-leg. Adana drilled four holes into the top of each pile, then inserted and bonded a “dowel” rod into each hole, each protruding one metre above the surface. Adana cast reinforced concrete caps on each pile, encasing the protruding dowels. The caps would support the crane legs, and the bonded dowels would resist upwards tension when the crane was loaded. Unfortunately, the crane collapsed when the dowels were pulled, intact, out of the piles. Adana were sued for resulting damage to the crane and liability to others. It was neither decided nor clear whether the failure occurred due to faulty design, or due to Adana’s failure to follow the design or specification regarding the dowels. Adana’s Building Services Combined Contractor’s Liability policy contained a public liability section which effectively excluded liability caused by any product (as defined), and a products liability section which excluded liability arising in connection with the failure of any product to fulfil its intended function. The Court was concerned solely with policy coverage.

Evidence was adduced that where there was both product and public liability cover in place for a building contractor, there was a market understanding that cover under the former ceased in respect of events occurring following the handover of completed works. This evidence was not accepted, although as a matter of practical reality, it was recognised that it is only latently defective workmanship which will not have revealed itself by the time of handover, so that resulting post-handover liability is usually for products.

Disagreeing with Aspen and upholding Judge Mackie, the Court held that each concrete base/pile cap as a whole, including the dowels, was not a “product”. Applying the conventional and natural meaning of the word, a hallmark of a “product” was something which “at least originally, was a tangible and moveable item which can be transferred from one person to another, and not something which only came into existence to form part of the land on which it was created.” Adana did not construct a product, instead it carried out concreting works for securing a foundation for the crane on and in site. The fact that the works created something did not mean that everything created was a product. The concrete base was therefore not a product, so neither the public liability exception nor products liability cover could apply in relation to the pile caps as a whole.

However, contrary to the Judge’s finding, the dowels were found to be “products” which had been supplied and installed by Adana. If any liability of Adana was caused by a defect in the dowels, there would be exclusion from public liability and inclusion in product liability cover (subject to the “intended function” exception to the latter.) But the dowels had not failed (i.e. broken or fractured.) Leaving aside the possibility of design defect, what went wrong was that the holes drilled into the piles were either too short or too narrow so that the dowels were inserted insufficiently deeply into the piles, and were pulled out of the piles when placed under tension. If this did involve fault on Adana’s part, it amounted to faulty installation/workmanship, which did not therefore lie within the product liability exception in the public liability cover (nor could it lie within the products liability cover, notwithstanding the fact that the product definition extended to installation of it, since a product which is fine but which is badly installed does not give rise to a product liability).

The Court therefore did not need to deal with the “intended function” exception to the products liability cover. Nevertheless, obiter dicta, the Court said that the dowels did not fail to “fulfil [their] intended function” for the purposes of the products liability exception, since they neither broke nor fractured.

Finally, dealing with the overall “Foundation Clause” exception, this excluded damage to any “superstructure arising from the failure of the assured’s foundation works to perform their intended function.” The Court agreed with Aspen (and disagreed with Judge Mackie) that the crane itself, albeit a temporary structure, was a “superstructure”. This term was not restricted to buildings above the ground, since under a general building contractor liability policy for 12 months, one would expect the insured work to embrace temporary erection of a crane. The damage to the crane itself did result from the failure of Adana’s foundation works to fulfil their intended function, and so this was excluded.

Accordingly, Aspen faces potential public liability exposure in respect of Adana’s alleged faulty workmanship regarding the installation of the dowels, other than in respect of damage to the crane itself.

This case seems to be the first occasion on which this policy wording has come before the Court, and it contains valuable guidance as to what constitutes a product in the construction liability context.

For more information, please contact Andrew Bandurka, Partner, on +44 (0)20 7264 8404, or andrew.bandurka@hfw.com, or your usual contact at HFW.

Footnote

[2015] EWCA Civ 176

Australia: A failure to disclose can negate an insurance policy: Section 28(3) of the Insurance Contracts Act 1984 (Cth)

A recent Australian, New South Wales Court of Appeal case¹ decided that an insurer could reject an insured’s claim because:

When applying for a trade credit policy (which insured against the insolvency of the insured’s customer), the insured failed to disclose to the insurer that on three occasions the customer to which the policy related agreed to make additional payments to the insured to comply with the insured’s 21 day payment terms (payment plans).
The insurer was successful in proving that, had the insurer known of these payment plans, the insurer would not have issued the policy to the insured (because it would have considered the customer an unacceptable insolvency risk).
Accordingly, the insurer was entitled to reduce its liability under the policy to nil in accordance with s 28(3) of the Insurance Contracts Act 1984 (Cth). That section broadly provides that, where an insured fails to comply with its duty of disclosure upon entering a contract of insurance, the liability of the insurer in respect of a claim is reduced to the amount that would place the insurer in a position in which the insurer would have been if the failure had not occurred.

This case provides an example of the how a failure of disclosure can affect an insurance policy responding to a claim.

For more information, please contact Andrew Bandurka, Partner, on +44 (0)20 7264 8404, or andrew.bandurka@hfw.com, or your usual contact at HFW. Research by Brendan Donohue, Paralegal.