New Emergency Workers’ Compensation Rules Take Effect

Workers' Compensation Policy

The Department of Insurance has approved emergency workers’ compensation rules dealing with COVID-19 and California employers.

The rules were recommended by the Workers’ Compensation Insurance Rating Bureau to bring fairness for employers’ experience rating during the COVID-19 pandemic amid shelter-at-home orders and for dealing with claims of workers who contract COVID-19 on the job. The following new rules took effect July 1:

1. Classification changes for staff working from home

As a result of the California stay-at-home order, many employers have altered employees’ duties so they can be accomplished from home, and often those duties are clerical-like in nature.

Under the rule, an employee can be assigned payroll classification code 8810 if:

  • Their duties meet the definition of a “clerical office employee” while working from home, and
  • Their payroll for the balance of the policy period is not assignable to a standard classification that specifically excludes clerical office employees.

There are a number of other classifications that already include clerical operations in their definitions, and those classifications would not be eligible for a change.

If you are reclassifying any employees to 8810, make sure to document all changes and maintain records of those changes. This rule is effective for as long as the statewide state-at-home order by Gov. Gavin Newsom is in effect, and 60 days after the order is lifted.

2. Non-working, paid staff

Salaries paid to workers who are at home not working, yet still collecting a paycheck, will be excluded from payroll for workers’ comp premium calculation purposes when the payments are less than or equal to the employee’s regular rate of pay.

Again, make sure you document these payroll disbursements and maintain records to show they were not working, so that they are not chargeable to your workers’ comp policy.

3. COVID-19-related claims

All claims directly arising from a diagnosis of COVID-19 shall not be reflected in the computation of any employer’s experience modification.

The Rating Bureau said in proposing this change that the since the occurrence of COVID-19 workers’ compensation claims are unlikely to be a strong predictor of future claim costs incurred by an employer, their inclusion in X-Mod calculation would not meet the intended goal of experience rating.

The takeaway

Now that these rules have taken effect, if you are having employees work from home you need to assess if the duties they are performing are largely clerical in nature and discuss with your carrier or us whether you should change the code to reflect their new duties and reduced risk of occupational injury or illness.

You will need to document those changes and keep careful records, as the change would likely affect your premium.

Additionally, under a second Newsom order, it will automatically be presumed that any employee who is working on-site and contracts COVID-19 caught the virus in the scope of their work.

Those claims will be eligible for workers’ compensation benefits under the order. But under the Insurance Department’s decision, any COVID-19 workers’ compensation claims will not affect an employer’s experience and X-Mod.

What Business Insurance Policies Cover Rioting, Looting

looting

As protests around the country descended into rioting and civil unrest, many businesses that have been looted, or seen their shops damaged or completely destroyed, will obviously be turning to their insurance to file a claim.

While many companies were unsuccessful in filing business interruption claims for the COVID-19 crisis, claims for damage and theft from rioting and looting are more likely to be paid. A number of coverages will come into play depending on the damage and lost income a business suffers at the hands of rioters, vandals and looters.

Property damage

Standard commercial property policies cover damage to a business property caused by fire, explosion, riot or civil commotion, vandalism or malicious mischief. This would include coverage to the structure of the business, as well as any inventory, fixtures and other contents. Business owner’s policies also include this risk.

The business personal property coverage portion of the policy would cover damage and theft if rioters break into a real estate office, for example, and steal computers, burn furniture and destroy office equipment. That said, the damage would be subject to limits (specific or blanket), as well as any deductibles required by the policy.

Commercial vehicle damage

Automobiles are covered under the optional comprehensive portion of a commercial auto policy, which you should have for all your vehicles. This will pay for damage to the vehicle and its contents caused by fire, falling objects, vandalism or rioting.

Comprehensive coverage will cover the gamut and will pay you if a vehicle is:

  • Stolen,
  • Damaged, or
  • Destroyed (for example, burned).

One of the most common damages to vehicles during riots is broken windshields, which you can usually get covered with an optional glass coverage rider.

Business interruption coverage

Companies that are forced to close as a result of riot and looting damage may have coverage for business interruption under a business property policy.

The policy may also cover lost income because a business had to close after riots. It would often cover dependent properties or have contingent business extensions of coverage. Also, coverage can apply if a business suffers a loss of income because of curfews or if authorities bar access to a property.

Coverage is typically triggered if there is direct physical damage to the premises.

You should note that many policies require a 72-hour waiting period before a policyholder can begin making a claim. That’s because the first three days of business shutdown, access constraints or limited hours of operation because of a civil authority action are often excluded from coverage.

There may also be a limit to the claim period. A standard limit is up to three weeks of losses.

Filing a claim

When filing a claim, read your policy in its entirety to determine how to best present it. It’s important to understand the policy’s limits and deductibles before spending time documenting losses that may not be covered.

If you are going to file a claim, document all damage. You should have receipts for all your inventory and fixtures. Here’s what you should do:

  • Take photos of all damage.
  • Contact your agent and file a claim immediately.
  • Clean up to protect your building, but do not make major repairs until you talk to the insurance company.
  • Keep receipts for any remediation work.

If you’re going to file a business interruption insurance claim, you will need:

  • Pre-riot financial statements and income tax returns.
  • Post-riot business records.
  • Copies of current utility bills, employee wage and benefit statements, and other records showing continuing operating expenses.
  • Receipts for building materials, a portable generator and other supplies needed for immediate repairs.
  • Paid invoices from contractors, security personnel, media outlets and other service providers.
  • Receipts for rental payments, if you move your business to a temporary location.

A final thought: Filing a business interruption claim is not easy, particularly when estimating losses. The process is highly complex and can be contentious. If the insurer disagrees with your loss estimates, they may have specialists audit your claim.

 

Coverage Disputes Over Online Attacks Grow

cyber coverage

A federal court has ruled that an insurer’s professional liability policy must pay out $6 million for a company’s losses from a business e-mail compromise scam, even though the business lacked cyber coverage.

The ruling is part of a growing trend of businesses that haven’t purchased cyber insurance seeking coverage for cyber-related losses from other policies they do have, such as business liability, professional liability, and directors & officers (D&O) coverage.

Seeking coverage for cyber losses and for e-mail compromise scams from other than cyber policies is not often successful, and whether the insurer will pay out can depend on the nature of the loss.

In this latest case however, a judge in the U.S. District Court in the Southern District of New York ruled that American International Group must cover $5.9 million that a company had been duped out of by Chinese hackers in 2016.

AIG had disputed the claim saying that the professional liability policy the business had does not cover “criminal acts,” adding that it had never sold the company a cyber policy.

These disputes are becoming more common and you should pay attention to your policy exclusions, as well as consider cyber insurance, if you have assets that could be exposed through a cyber attack or fraud.

How was the business scammed?

SS&C Technologies received spoof e-mails that purported to come from one of the company’s clients, Tillage Commodities Fund, a commodities investment firm. The e-mails instructed the company to make six wire transfers to a bank account in Hong Kong.

The scammers masqueraded as Tillage employees with e-mail addresses that spelled “Tillage” as “Tilllage.”

But according to court documents, there were telltale warning signs that the e-mails were fishy:

  • One e-mail asking SS&C to wire $3 million contained only the words “How was your weekend?” and then the wire transfer details.
  • E-mails included grammatical errors and unusual syntax like “Let’s round up business today.”

Based on the above, staff at SS&C were not too diligent in looking out for possible

business e-mail compromise scams involving a third party hacker posing as someone else (a client, a vendor or even a manager or president of the targeted company) via e-mail and requesting a wire transfer into a bank account.

This type of scam, which cost organizations $300 million every month in 2018, according to the U.S. Department of Treasury, is covered by a standard cyber insurance policy.

SS&C did not have a cyber policy, so it sought coverage under its professional liability policy for the losses it sustained when transferring those funds. AIG did pay for SS&C’s legal defense costs after Tillage Commodities sued, but refused to cover the $5.9 million in stolen funds.

According to court documents, AIG’s policy included a clause that it would not provide indemnity coverage for losses arising from “dishonest, fraudulent or criminal acts.”

What this means for your firm

While this case worked out for the insured party, businesses should not rely on their non-cyber insurance policies to continue paying claims. As costs for cyber attacks like ransomware, malware, stolen data and business e-mail compromise scams grow, insurers are increasingly including clauses that explicitly exclude coverage for those risks.

If you have any important company assets in digital form and/or make or receive payments online, it would be wise to secure a cyber insurance policy.

If you don’t, you can try to seek coverage under other policies. That it may be difficult to obtain, but not impossible.

For example, if your company has D&O liability insurance and/or crime insurance, it may be able to seek coverage for any ransomware events since those policies will typically include coverage for kidnapping and ransom.

Some insurers are now providing — either deliberately or unintentionally — kidnapping and ransom coverage that applies to ransoms paid in response to cyber extortion. Among the events that these policies may consider cyber extortion are:

  • Threats to poison a computer system with malware.
  • Threats to change, damage or destroy programs or data stored on a system if the owner does not pay a ransom.

That said, many insurers who provide this coverage likely did not anticipate covering ransomware losses and have started changing their D&O and crime policies to specifically exclude ransomware.

Other insurers have added deductibles to the coverage, mirroring the terms of cyber policies, while others have capped the amount of business interruption coverage they will provide for cyber-extortion losses.