Executive Corner: Emerging Risk Trends and Best- Practices Management for A/E Firms
Michael Herlihy
Russ Ryan
Understanding professional liability and managing risk is an important aspect of all A/E business plans. For this installment of “Executive Corner,” Russ Ryan, principal at Rusk O’Brien Gido + Partners (e-mail: [email protected]), interviews Michael Herlihy, ARM, CRIS, executive vice president of Ames & Gough, insurers and risk-management service providers to A/E clients (e-mail: [email protected]).
Ryan: As we head into 2016, are there any emerging risk trends faced by design-professional firms that bear watching as well as some best practices to consider in managing these risks?
Herlihy: Cyber risks are an increasing concern. Although data breaches that make front-page headlines have been in retail, banking, healthcare and government, design-professional firms aren’t immune to loss from data breaches of their computer systems. Employers are liable for the personal information of employees that might be stolen through a data breach of the employer’s computer system.
With the expanded sharing of technology in the design-professional industry, including through Building Information Modeling (BIM), firms also need controls over access to the model as well as protecting data from corruption. Associations such as the American Institute of Architects and ConsensusDocs now have addenda to their standard documents to help firms develop protocols to facilitate the safe use of technology.
Ryan: What about email security?
Herlihy: In August 2015, the FBI released a public-service announcement warning about the growing threat of Business Email Compromise (BEC), a scam whereby hackers compromise legitimate business emails through social engineering or computer-intrusion techniques. Hackers have successfully sent emails from the compromised accounts of business executives to accounts-payable departments and financial institutions, instructing the wire transfer of funds to the hackers’ accounts. According to the FBI, more than 7,000 businesses in the United States were victimized between October 2013 and August 2015—the amount stolen is close to $750 million. Financial institutions aren’t necessarily liable for these funds as long as they can show they followed a commercially reasonable security protocol.
In response, insurers now offer expanded crime and cyber insurance policies, providing some coverage against these risks. The questions on these applications as well as risk-management recommendations from insurers are useful tools in developing internal procedures that better protect electronic data and guard against loss due to BEC. For example, companies should have callback-verification procedures in place that must be followed before any checks are sent or funds transferred. Also, when sharing a BIM model, firms should appoint a model manager to control access and protect data.
Ryan: We’re hearing a lot about increased use of drones. What should engineering firms do to control their risk?
Herlihy: Unmanned Aircraft Systems (UASs or drones) can be useful in surveying as well as inspecting structures such as bridges and tall buildings. At present, insurance for using such aircraft is very limited. Professional liability insurance policies exclude coverage for claims arising from the operation and use of aircraft. The Insurance Services Office, which drafts and files policies and coverage endorsements for use by the insurance industry, recently developed endorsements that add liability coverage for bodily injury, personal injury and property damage arising from the use of unmanned aircraft. However, insurers are waiting for the Federal Aviation Administration (FAA) to rule on guidelines governing the use of unmanned aircraft before widely offering the coverage.
Firms seeking to use drones in their businesses should be familiar with the general guidelines and instructions the FAA has available on its website, in particular the Small UAS Notice of Proposed Rulemaking. The proposed rules are yet to be finalized, but they include limiting flights to daytime use, height restrictions, airspeed restrictions, requiring operator certification, UAS registration and limiting flights to visual line-of-sight operations.
Ryan: What about employment-related practice risks?
Herlihy: Employment-related claims against all employers have been on the rise during the last five years. In particular, there were more than 8,066 filings last year alleging wage and hour violations under the Fair Labor Standards Act. Evolving working conditions such as outsourcing and telecommuting create challenges in tracking hours worked, especially by non-exempt employees. And all industries face major class-action litigation by claims from unpaid interns; firms that regularly employ interns need to carefully monitor their hours worked. In addition, companies should stay current with the Fair Labor Standard Act’s rules on minimum salary levels for exempt employees as well as what duties qualify for exempt status. Firms need to have clear policies in place regarding duties and overtime rules for non-exempt employees, such as requiring prior approval before working additional hours.
The EEOC reports that for fiscal-year 2014, there were 88,778 charges of workplace discrimination. Race discrimination made up 35 percent of the total, followed by disability at 28.6 percent and age at 23.2 percent. Important steps to avoid such claims include the following:
- Enforcing a written EEOC policy against harassment and discrimination.
- Human-resources training for managers and supervisors.
- Employee handbooks with employment policies and grievance procedures that employees must read and sign when hired.
The purchase of Employment Practices Liability Insurance is a valuable added step to guard against employment-related claims. Chief benefits included with such insurance are the risk-management resources offered to prevent claims. Generally, such resources include human-resources best practices; sample employment policies and handbooks; and toll-free phone lines staffed by attorneys to assist with employment-related matters, including handling complaints, and disciplining or terminating employees.
Ryan: Anything else?
Herlihy: An often-overlooked exposure is the risk arising from employee use of automobiles for business purposes. Employers are liable for losses caused by employees when driving their autos on company business. Engineering and architectural firms have faced multi-million-dollar claims due to bodily injury caused by employees driving to or from jobsites. Firms of all sizes are at risk, and general risk-control recommendations include the following:
- Periodic reviews of employee motor-vehicle records for employees using automobiles on company business.
- Written driving policies prohibiting driving under the influence, speeding and the use of radar detectors.
- Prohibiting the use of cellphones when driving.
- For companies that own vehicles, taking advantage of fleet-safety surveys and safe-driver training readily offered by insurers.
- Consider purchasing higher umbrella or excess liability limits as further protection against large claims arising from automobile use.
Effective risk management includes a constant assessment of emerging risk trends and developing steps to control emerging risks.
