Search Results

Open enrollment can be an extremely positive and rewarding experience for you and your employees, providing you plan for it well in advance. It’s important to review and modify your benefits offerings to enhance your employees’ physical, mental, and financial health. Consider the following open enrollment checklist to help you prepare for a successful 2024 open enrollment! Click here to access a downloadable version of this checklist! ☐ Be ready to answer employee questions regarding health care reform legislation. Understand how the legislation affects your benefits offerings and be prepared to share this knowledge with employees. ☐ Make a list of anything new and exciting that will enhance your open enrollment processes. Plan to communicate these enhancements to employees. ☐ Consider online enrollment programs and software if you haven’t already. Allow time to implement them onto your company website before your open enrollment period. ☐ Maintain records of employee questions, comments, and concerns, preferred communication methods, trends in employees’ selections, and other information that will help you better serve employees during open enrollment. ☐ Make necessary changes to your benefits offerings before the open enrollment period to avoid rushing at the last minute. ☐ Survey employees on what they are seeking in terms of benefits offerings and any improvements they would like to see. Customize your offerings to your employee population after analyzing survey results. ☐ Consider offering new benefits, even if they are 100% voluntary. Spread the knowledge ☐ Hold meetings with employees to review coverage options and changes. Offer information regarding benefits in various formats to your employees such as one-on-one meetings, viral benefit fairs, mailers, or intranet tools. ☐ If pamphlets or brochures are provided by your carrier or third-party administrator, deliver them to employees. ☐ Communicate helpful phone numbers and websites to employees looking for additional resources. Know your audience ☐ Be prepared to answer questions that employees asked most frequently last year. ☐ Create a frequently-asked-questions sheet with answers to distribute, post, or email to employees. ☐ Provide answers to basic questions, such as how much premiums will increase, new coverage options, etc. ENROLLMENT PERIOD Make sure employees have received all of the following materials, including: ☐ Open enrollment schedule ☐ Statement of current coverage ☐ Plan-specific changes and rates ☐ Plan-specific summaries ☐ Open enrollment booklet and forms ☐ Deadline for open enrollment ☐ Carrier contact information Guide your employees through this period: ☐ Provide employees with materials and give them time to review them, ☐ Offer generous deadlines, with frequent reminders. ☐ Send a reminder the day before the enrollment deadline. ☐ Remain available through various mediums for employees to contact with questions and clarification. ☐ Make sure employees understand that you are available to answer any questions and that no question is too simple or complex. POST-ENROLLMENT PERIOD Did you… ☐ Check enrollment forms for any missing information? ☐ Check enrollment forms for any information that was incorrectly filled out? ☐ Submit all enrollment forms to the carrier? ☐ Ensure that you follow any health care reform provisions that affect your plan and employees? ☐ Follow up to ensure all employees received their ID cards? ☐ Make sure all employees are clear about their benefits and don’t have any outstanding questions?

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have teamed up to release a comprehensive joint cybersecurity advisory, shedding light on the most prevalent cybersecurity misconfigurations that tend to plague large organizations. This article delves deeper into these common misconfigurations and provides a detailed understanding of each, along with recommended mitigation strategies for your organization to implement. Default software configurations: Default software configurations can pose security risks, as they may contain vulnerabilities and overly permissive settings. To mitigate these risks, change or disable default usernames and passwords, secure ADCS settings, review template permissions, and assess the necessity of LLMNR/NetBIOS. Improper user/administrator privilege separation: Assigning multiple roles to a single account can lead to undetected access to various resources if compromised. To enhance cybersecurity, use authentication, authorization, and accounting systems, audit user accounts regularly, limit privileged account usage, and restrict domain users in local admin groups. Additionally, employ non-admin accounts for daemonized apps and configure service accounts with minimal permissions. Insufficient internal network monitoring: Poor sensor configurations can go unnoticed and hinder data collection for baselines and timely threat detection. To address this, establish application and service baselines, regularly audit access, develop an organization-wide baseline for traffic, network, host, and user activity, employ auditing tools for privilege and service abuse detection, and implement a security information and event management system. Lack of network segmentation: Without network segmentation security, malicious actors can move freely across systems, posing a ransomware and post-exploitation threat. To mitigate this, use next-gen firewalls for deep packet inspection, segment the network to isolate critical assets, and employ separate virtual private cloud instances for essential cloud systems. Poor patch management: To prevent security vulnerabilities, maintain up-to-date software through efficient patch management. Automate updates, segment networks to reduce exposure, cease unsupported hardware and software usage, and patch firmware against known vulnerabilities. The bypassing of system access controls: Avoid using the same credentials across different systems. Implement PtH mitigations and restrict domain users from being local administrators on multiple systems to enhance security. Weak or misconfigured multifactor authentication (MFA): Improperly configured multifactor authentication can lead to unchanging password hashes, posing a risk in Windows environments. Disable legacy authentication protocols and enforce modern, phishing-resistant MFA using open standards for enhanced network security. Insufficient access control lists (ACLs) on network shares and services: Data shares and repositories are prime targets for malicious actors due to improperly configured ACLs. Prevent unauthorized access by securing storage devices and network shares, employing the principle of least privilege, setting restrictive permissions, and enabling the “Do Not Allow Anonymous Enumeration of SAM Accounts and Shares” Group Policy setting in Windows. Also, apply strict permissions to files and folders with sensitive private keys. Poor credential hygiene: To prevent cyber-attacks, maintain good credential hygiene by following NIST’s password policies, using strong, unique passwords, avoiding password reuse, using strong passphrases for private keys, storing passwords securely, reviewing for cleartext credentials, and considering group-managed service accounts or third-party software for password storage. Unrestricted code execution: Restrict unverified programs, use application control tools, limit scripting languages, and regularly review and update border and host-level protections to block malware effectively. Additional Mitigation Strategies It is highly recommended by CISA and NSA that organizations continuously exercise, test, and validate their security programs in a production environment. Regular testing ensures that the security measures remain effective and adaptable to new threats. Additionally, organizations can learn from the vulnerabilities and shortcomings experienced by others and swiftly implement necessary mitigation measures to safeguard their networks, sensitive information, and critical missions. Conclusion The joint advisory from CISA and NSA provides invaluable insights into the most common cybersecurity misconfigurations and offers detailed strategies for mitigating these risks. By diligently addressing these issues and following the recommended best practices, organizations can significantly enhance their cybersecurity posture and protect against a wide range of threats. For more risk management guidance, contact us today.

For commercial property owners and managers, protecting facilities and minimizing potential losses is of utmost importance. One invaluable resource is infrared thermography. This advanced imaging technology is nonintrusive and highly efficient in detecting issues before they escalate into major complications. This article explores the mechanics of infrared thermography and its multiple applications in reducing commercial property losses. How Infrared Thermography Works The process of infrared thermography involves the detection of infrared radiation emitted by objects based on their temperature. Camera sensors equipped with highly sensitive infrared technology can detect even the slightest temperature variations across an object or surface. These sensors convert the detected thermal radiation into an electrical signal, which is then processed to produce a visual image. The resulting image displays a color palette that represents different temperature ranges, making it easy to identify hot spots or anomalies. Trained thermographers analyze these images to identify potential issues such as overheating electrical components, water leaks, insulation deficiencies or structural weaknesses. Applications of Infrared Thermography in Commercial Properties Infrared thermography has a wide range of applications in commercial property management, including: Electrical Systems: Detecting overheating electrical components like circuits, switches, and connections can help prevent electrical fires and costly downtime. Roof Inspections: Identifying water leaks or moisture within roofing systems can prevent damage to insulation and structural components. Building Envelopes: Detecting insulation deficiencies and air leaks in walls and windows can improve energy efficiency and reduce heating and cooling costs. HVAC Systems: Uncovering issues in heating, ventilation and air conditioning systems can ensure optimal performance and energy efficiency. Plumbing: Identifying hidden water leaks can prevent structural damage and mold growth. Structural Inspections: Detecting weaknesses or anomalies in building structures can help prevent costly repairs or collapses. Benefits of Infrared Thermography for Businesses The implementation of infrared thermography can greatly benefit businesses across various sectors. One of the most notable advantages is the ability to detect potential issues early on, enabling proactive maintenance to avoid costly breakdowns and downtime. This approach not only saves money but also improves operational continuity. Additionally, it enhances safety by identifying and addressing fire hazards, electrical problems and structural weaknesses, reducing the risk of accidents and injuries. By identifying inefficiencies in HVAC systems and building envelopes, infrared thermography can also enhance energy efficiency, resulting in substantial cost savings by reducing energy consumption. Ultimately, this technology helps safeguard investments, prolong the lifespan of critical equipment and optimize operational efficiency, making it a valuable asset that can greatly enhance the financial stability and overall performance of businesses. Conclusion For commercial property owners and managers, infrared thermography can be an invaluable tool in preventing significant losses. It helps identify problems at an early stage, ensuring safety and improving energy efficiency, which ultimately saves money and protects investments. By including it in a thorough maintenance plan, commercial property owners can experience greater financial stability and peace of mind. Please contact us today for additional guidance on commercial property risks. The information contained in this article is not exhaustive nor should it be construed as legal advice. Readers should contact legal counsel or a licensed insurance professional for tailored guidance.

The Internal Revenue Service (IRS) has issued Notice 2023-70 to increase the Patient-Centered Outcomes Research Institute (PCORI) fee amount for plan years ending on or after Oct. 1, 2023, and before Oct. 1, 2024. The updated PCORI fee amount is $3.22 multiplied by the average number of lives covered under the plan. Applicability of PCORI Fee The PCORI fee was created by the Affordable Care Act (ACA) and first applied for plan or policy years ending on or after Oct. 1, 2012. The fee is imposed on health insurance issuers and self-insured plan sponsors to fund comparative effectiveness research. The PCORI fee was originally scheduled to expire in 2019. However, a federal spending bill extended the PCORI fee for an additional 10 years. As a result, the PCORI fee will apply through the plan or policy year ending before Oct.1, 2029. Payment Deadline PCORI fees are reported and paid annually on IRS Form 720 (Quarterly Federal Excise Tax Return). These fees are due each year by July 31 of the year following the last day of the plan year. For plan years ending in 2023, the PCORI fee is due by July 31, 2024. Employers with self-insured health plans should have reported and paid PCORI fees for 2022 by July 31, 2023. Calculating the PCORI Fee The PCORI fees are calculated based on the average number of covered lives under the plan or policy. This generally includes employees and their enrolled spouses and dependents, unless the plan is an HRA or FSA. Final rules outline a number of alternatives for issuers and plan sponsors to determine the average number of covered lives. This Legal Update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.

In a situation where one company merges with another to become a single entity, or when one company is acquired by another, both parties must review and update their insurance coverages to ensure all risks are accounted for. This article details some of the steps your company should take to prepare for a merger or acquisition and defines two types of insurance that may help your company close the deal with confidence. Perform an Insurance Review To make sure your company is not blindsided by surprise liabilities after a merger or acquisition transaction, perform the following review: Ensure all of the seller’s existing policies have sufficient limits and adequate coverage for its main risks. Determine whether the seller has any potential liabilities that are not insured. To do this, review the seller’s claims history and existing policies. Take note of the seller’s existing contracts guaranteeing indemnification, or agreeing to additional insured status for suppliers, customers or corporate affiliates of the seller. Review existing contracts to look for any indemnities or insurance that may have been presented to the seller from other parties. Pinpoint new exposures that could pop up if operations are added or moved to locations unfamiliar to your company. New coverages may need to be purchased or old policies may need to be updated to make sure these operations are covered. Address any circumstances or conditions that could generate claims that would fall under the seller’s coverage. Address any differences in the way the seller reported claims with the way the buyer reports claims. Additional uncovered liabilities are often discovered in the due diligence process, and the purchase price can be adjusted accordingly or the buyer granted applicable indemnification. Representations and Warranties Insurance During a merger or acquisition, certain discrepancies may appear in the way each company has represented itself. These inaccuracies could cause significant liabilities after closing, and those liabilities may not be covered by general liability policies. If indemnification hasn’t been promised, specialty insurance should be considered to cover these potential risks. Representations and warranties insurance protects buyers and sellers of a company against any inaccuracies made in representations and warranties. Some advantages of this type of coverage are that it does the following: Extends the time for representations and warranties, which gives buyers more room to spot any existing problems with the recently purchased business Removes the worry of not being able to collect on a seller’s promised indemnification Speeds up a business sale by covering the liabilities of future representations and warranty claims During an auction, allows the buyer to place a distinguishing, lower, stand-out bid Allows a seller to fully and completely leave a business if desired Allows the buyer to maintain a good relationship with the seller, who may become the buyer’s employee or business partner after the transaction D&O Run-off Coverage If you have a directors and officers (D&O) policy, you know that it protects you from the costs associated with any lawsuits, investigations, or other claims brought against you. In a merger or acquisition scenario, the D&O coverage of both entities needs to be examined before the completion of the transaction to ensure gaps in coverage will not exist. D&O policies are typically structured as “claims made,” which means the insurance does not cover the company after the policy expires. This means that if a claim is filed against the seller after the seller’s D&O policy expiration date, the seller will be responsible for paying any charges in full. Depending on the specific contract details, this could mean that the buyer is responsible for footing the bill. Run-off insurance provides extended D&O coverage (for a selected period) for any claims that arise after the seller’s policy expires. It should be secured before the merger or acquisition transaction closing. Another factor to examine in D&O insurance is the “change in control” clause. Many D&O policies include a “change in control” clause that modifies or voids the coverage if the company is merged into or acquired by another company. Merger and acquisition deals can be complicated. Extensive research and preparation must be completed before the closing of the deal to ensure there are no gaps in insurance coverage. When preparing for a merger or acquisition, it is crucial to understand how the buyer’s policy and the seller’s policy will respond to a change in control and to secure run-off coverage for any claims made following policy expiration dates. To avoid saddling your combined company with uninsured liabilities, you must be knowledgeable about your insurance policies and how each might be modified in a merger and acquisition transaction. For more information about protecting your company or for further insight into your policy language, contact Cottingham & Butler today. This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact a Cottingham & Butler representative directly for appropriate guidance.

Preliminary data from the U.S. Equal Employment Opportunity Commission (EEOC) showed that the agency filed 50% more employment discrimination lawsuits in fiscal year (FY) 2023 than in FY 2022. There were 143 new employment discrimination lawsuits filed in FY 2023, including 25 systemic lawsuits (nearly double the amount filed in each of the past three fiscal years and the largest number of systemic filings in the past five years), 32 nonsystemic class suits for multiple harmed parties and 86 suits for individuals. “The EEOC’s litigation program is an important tool to ensure compliance with the nation’s anti-discrimination laws and promote equal employment opportunity when the Commission is unable to obtain voluntary compliance.” -Charlotte A. Burrows, EEOC chair The cases filed in FY 2023 represent a broad array of issues covered under the statutes enforced by the EEOC, including the Americans with Disabilities Act, Pregnancy Discrimination Act, Equal Pay Act, Age Discrimination in Employment Act, and Title VII of the Civil Rights Act. These cases covered a range of issues, such as protecting vulnerable workers and people from underserved communities, addressing barriers in recruitment and hiring, confronting qualification standards and inflexible policies that discriminate against individuals with disabilities, advancing equal pay, combatting unlawful harassment, addressing the long-term impact of the COVID-19 pandemic and preserving access to the legal system. In FY 2023, the EEOC also filed its first lawsuits against companies for failing to grant employees with religious exemptions to COVID-19 vaccine policies. Experts anticipate there may be an uptick in religious accommodation lawsuits following the U.S. Supreme Court’s Groff v. Dejoy decision in June. The EEOC also resolved its first-ever artificial intelligence-based hiring discrimination case against an organization that allegedly programmed recruitment software to reject older candidates. Employer Takeaways The EEOC’s goal is to advance workplace opportunity by enforcing federal employment discrimination laws. Many changes have taken place at the agency in FY 2023, including new leadership, structural changes, and a significantly increased proposed budget. As a result, employers may see a continued increase in enforcement in the coming months and through next year. Therefore, employers must understand their legal obligations related to discrimination laws. For more compliance resources, contact us today.

It's crucial that businesses in all industries need to take steps to make the workplace a safe environment. Conducting safety orientations during onboarding for new employees can help accomplish this and prevent injuries by providing valuable information and resources. According to research, more than one-third of occupational injuries happened to workers who had been on the job for less than one year. There are several reasons why this may be the case, including: Lack of experience and knowledge—New employees may not have adequate experience or knowledge to complete the tasks in their new role safely. Additionally, new workers may come from companies that did not prioritize safety or provide resources to them to learn how to identify and mitigate potential workplace hazards. Inadequate prior training—Employers may falsely assume that new workers have had sufficient previous safety training to address industry hazards or that certain safety aspects of the job are “common sense” and fail to address these knowledge gaps. Unfamiliar environment—A new job comes with a new environment and related hazards. For example, new employees may not know how to handle dangerous materials or how to properly use personal protective equipment. They also may not know where to report safety concerns or how to respond to workplace accidents or emergencies. Desire to make a good first impression—New workers may be eager to make their new employer happy, so they may take on more tasks or tasks that are beyond their expertise. They may also be hesitant to ask questions or seek guidance for fear of appearing that they lack knowledge. Lack of supervision—New workers may not receive the same amount of oversight since they have lower levels of responsibility. Proper safety orientations during new employee onboarding can help address these issues and provide several key benefits, including the following: Improved safety—Comprehensive safety orientation can help prevent injuries to new employees. It can also bolster their safety awareness and provide them with vital safety knowledge and resources. Reduced expenses and increased compliance—Fewer injuries mean fewer workers’ compensation claims and related expenses and fewer work days missed. Additionally, holding safety trainings can help businesses comply with various state, local and federal regulations and avoid fines and penalties. Improved morale and retention—Safety education during onboarding can demonstrate employers care about workers’ well-being. This can lead to improved morale, which can increase productivity and retention. Although the specifics of orientations may vary, certain aspects can make them effective across industries and positions. This includes ensuring the information is relevant, including helpful resources (e.g., safety manuals, injury reporting protocols, return-to-work processes, incident response measures, and OSHA content) and keeping the presentation engaging (e.g., using visuals and hands-on training). Following up and gauging comprehension of the information is also essential. By holding effective safety orientations during onboarding, businesses can demonstrate their commitment to safety and prevent injuries. Contact us today for more information.

Mobile malware—malicious software designed to gain access to private data on mobile devices—is a growing threat to companies’ cybersecurity. As companies embrace remote work and more employees use their personal devices for work-related tasks, cybercriminals are finding more opportunities to exploit these vulnerable and often unsecured devices to access corporate servers and sensitive information. The consequences of these cyberattacks can be devastating for organizations. According to Verizon’s Mobile Security Index, 33% of security professionals have reported a security compromise involving a mobile device. In addition, 47% said remediation was “difficult and expensive,” and 64% said they suffered downtime. Cybercriminals can deploy mobile malware in a variety of ways, including through malicious apps, network-level attacks, and even by exploiting vulnerabilities within the device and its operating systems. This article provides more information on mobile device security threats and steps businesses can take to prevent related losses. Mobile Security Threats As cybersecurity threats become more frequent and severe, organizations must take the time to understand the potential risks of allowing employees to use their personal mobile devices for work-related activities. The following are common mobile device security threats: Phishing and smishing—Phishing and smishing scams are the number one security threat to mobile devices, according to IBM. While phishing uses emails and smishing uses text, both strategies involve sending messages that contain malicious links to infect devices with malware or trick victims into sharing account details or business information. Social engineering is often used in phishing and smishing scams by weaponizing key attributes of a victim, such as where they work, their job status and their recent posts, to gain trust and get important information out of them. Malicious apps—Official app stores like Apple App Store and Google Play have many checks and balances in place to prevent malicious code, but malicious apps may still get through these processes. Once a malicious app is installed, hackers can steal or lock data stored in the mobile device or spread more malware. Insecure Wi-Fi and network spoofing—When an employee uses a compromised or public Wi-Fi network, their device instantly becomes vulnerable to cyberattacks. Cybercriminals can conduct man-in-the-middle attacks—when communication between two systems is intercepted by a third party—while remaining undetected by the user through insecure Wi-Fi and network spoofing. Insecure Wi-Fi, such as open or free Wi-Fi hotspots, can allow cybercriminals to intercept device network traffic. Network spoofing entails a hacker impersonating a network’s name to trick users into signing in, allowing them to access user data. Outdated operating systems (OSs) and apps—Older OSs and apps may contain vulnerabilities that can be exploited by cybercriminals. While software patches and updates are often released by developers to address security vulnerabilities, any delay or avoidance in updating an OS or app could put data stored on the mobile device at risk. Mobile Device Threat Prevention The consequences of mobile device security breaches can be devastating to an organization, potentially resulting in a loss of profits, data, reputation and compliance. To minimize mobile device security threats, organizations can take the following precautions: Train employees. Employees are the first line of defense for protecting mobile devices against malware. Therefore, cybersecurity awareness training can help employees combat scams by teaching them to identify telltale signs of phishing, smishing and malicious apps, avoid public and insecure Wi-Fi networks, and keep their devices’ software up to date. Install a virtual private network (VPN). A VPN connection disguises online data traffic and protects it from external access. Unencrypted data can be viewed by anyone who has network access, but a VPN restricts cybercriminals from deciphering data. Activate multifactor authentication (MFA). MFA can prevent account compromises by requiring users to provide multiple security credentials to access a device or account. Examples of MFA include entering a code sent to a user’s email, answering a security question or scanning a fingerprint. Install zero-trust-enabled applications. A zero-trust security model evaluates access requests based on predefined controls. Legitimate access requests are permitted, and unauthorized requests are blocked and logged. With this strategy, installing zero-trust-enabled applications can reduce cybersecurity risks by restricting access to applications that aren’t permitted. Turn on user authentication. User authentication on mobile devices verifies a user’s identity through one or more authentication methods, such as passwords or VPNs, to ensure secure access. Develop bring-your-own-device (BYOD) policies. A company should develop and implement BYOD policies when allowing or requiring employees to use their personal devices for work-related activities. BYOD policies should address which devices and apps are permitted and outline security requirements. Create device update policies. Cybercriminals can infiltrate mobile devices through unpatched software. Therefore, a company device update policy should require employees to update their devices and apps as soon as a patch becomes available. Back up mobile data regularly. Regularly backing up data can help companies recover in the event a mobile device is lost, stolen or otherwise compromised. Backups can protect against human errors, hardware failure, virus attacks, power failure and natural disasters. Implement a password policy. A strong corporate password policy can ensure that systems and data are as secure as possible. Some best practices include encouraging employees to use unique, complex or long passwords; enabling MFA; and using password management systems. As mobile devices and their applications become increasingly utilized for work-related activities, companies must remain vigilant in their cybersecurity efforts to mitigate associated risks. For more risk management guidance, contact us today. Contact your Cottingham & Butler representative for additional guidance. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice.

The Situation Our prospective client is an agricultural design-build general contractor who had been with their broker for 20+ years. After years of cold calls and requests to meet, the president of the company invited Cottingham & Butler in to review their program. He felt it was on auto-pilot and that a fresh perspective “would not be a bad thing.” Cottingham & Butler performed a comprehensive review of the existing Risk Management Program and uncovered the following: Ten insurance carriers had never received a submission for this insured (discussed with twelve carriers). $75,000 worth of annual opportunity was found in Captive Insurance; $100,000 of annual opportunity found in a Retrospective plan. 20+ program deficiencies were found within the current policies, most notably within the Professional/Pollution policy that contained an exclusion that removed coverage for "Design Services," despite that being the client's niche. Several critical recommendations were made to the subcontract agreement surrounding the indemnification and insurance requirements. Our Results A thorough exploration of the carrier marketplace resulted in a premium reduction of $126,355 (25%). Program design options were negotiated, including captive insurance, retrospective plan, and dividend options. All program deficiencies were corrected at no additional premium. A customized safety service plan was created and implemented.

It is a trend today for mergers and acquisitions to have more condensed timelines than they used to, which can lead to less time for performing a due diligence review. A rushed due diligence process increases the number of risks that could slide under the buyer’s radar when reviewing a seller’s past and current liabilities. The reason hidden liabilities are such an issue is that the buyer’s insurance typically doesn’t cover them. Usually, when a company is acquired, its liability coverages are terminated or turned into run-off coverage, which expires after a set period, depending on how the policy language is written. If these potential liabilities aren’t considered when the purchase price is decided and the contract drawn up, the buyer could find itself questioning the transaction down the road—when it is too late to take any corrective action. Taking on Liability During a merger or acquisition, the buyer takes on the liabilities of the acquired company. The extent to which liabilities are taken on is determined by the type of sale. If the sale is an asset sale, the seller retains possession of the legal entity and its liabilities. Only the seller’s assets and their accompanying liabilities are transferred to the buyer. Assets could include items like equipment, trade secrets, inventory, or licenses. Buyers typically prefer these types of purchases, as they reduce the likelihood of future contract disputes, product warranty issues, or product liability claims. In a stock sale, the buyer purchases the selling shareholders’ stock directly and therefore obtains ownership of the seller’s complete legal entity and all of its accompanying liabilities. Stock sales present more risk for buyers, who need to prepare for the possibility of future lawsuits, environmental concerns, employee issues or OH&S violations. These liabilities can be reduced to some extent through insurance policies and indemnifications. Still, performing thorough due diligence in a stock sale is crucial. Consider the following examples of hidden liability: A selling company purchased several other organizations in the past few years, all of which the buyer must now track down, whether they still exist or not, to identify all their associated liabilities. A selling company has legacy exposures, which are ongoing legal claims that arose against the acquired company many years ago. The buyer must research past cases and determine possible financial implications as well as their impact on its reputation and the possibility that similar cases could arise in the future. Organizing and Updating Existing Insurance Policies Depending on the circumstances, it may be wise for the buyer to combine the seller’s existing insurance policies with its own. For example, the seller might have its fleet insurance structured one way, and the buyer might have its fleet insurance structured differently. Multiplying policy discrepancies across various lines of insurance and keeping track of policy limits, exclusions, and deductibles becomes challenging. The buyer might find it more convenient, and more cost-effective, to insure all the risks for both companies together. In addition to convenience, consolidation of policies will allow the buyer to reassess insurance policies to make sure the seller’s limits are set at an appropriate value and deductibles are well-suited for the needs of the merged entity. A knowledgeable insurance broker is an invaluable asset during a merger or acquisition. Environmental Risks Every year businesses are faced with stricter environmental guidelines, meaning more environmental liabilities exist. Some types of environmental liabilities the acquired company could face in the future are pollution, mold, and hazardous materials in air, in water or on land. It’s important to pinpoint early any exposures for the company being acquired. Here are some ways to manage environmental risks: Environmental impairment liability insurance covers any vulnerabilities due to the void in general liability policies for pollution coverage. Risk remediation cost containment insurance can cover any cost overruns that weren’t expected during pollution cleanup. Premises pollution liability insurance covers the costs of both off-site and on-site cleanup and remediation, as well as third-party lawsuits brought on because of hazardous material exposure. D&O Risks Directors and officers (D&O) policies are typically structured as “claims made.” This means the insurance does not cover the company after the policy expires. If a claim is filed against the seller after the seller’s D&O policy expiration date, the seller will then be responsible for paying any charges in full. Depending on specific contract details, this could mean that the buyer is responsible for footing the bill since it now has those responsibilities. D&O policies are written with term limits, but claims may be brought up in the future after the term limit has passed. To combat this risk, the seller will often purchase a noncancelable, pre-paid policy for a specified period, which is called run-off or tail D&O coverage. Buyers will also want to consider that the directors and officers of the company being acquired—who may be slated to become executives of the acquiring company—will need to be added to the buyer’s D&O policy. The policy of the company that was acquired will provide coverage only for actions that transpired when those directors and officers were executives of the acquired company, before the merger or acquisition; new coverage is needed for any future actions that occur. Additional Coverages to Consider In addition to updating existing coverage, many buyers purchase legacy liability policies, also called tail liability coverage, which cover the risk of future claims from the seller’s discontinued products. Buyers also often purchase representations and warranties insurance to address any seller misrepresentations (intentional or not) that would impact the accuracy of the purchase price. Asking the Right Questions Asking questions, even when they are complicated or uncomfortable, and clearing up any confusion helps a buyer reduce risks and determine an accurate purchase price. Here are some questions that are not always asked, but should be: Are there legal and financial risks attached to this merger/acquisition, and if so, what are they? Do the acquired company’s insurance policies have term limits that can sustain future financial liabilities, and any others that might pop up from past activity, before the transaction occurs? Does the acquired company face any environmental liabilities at present time, and if so, what are they? Is the acquired company in need of environmental cleanup in the future? How often? What are the specific terms and conditions in the D&O policy of the acquired company? Does the D&O policy have any statute-of-limitation clauses? Does the company’s post-transaction risk summary look different from how it did prior to the purchase? Managing the hidden risks during a merger or acquisition may seem like a daunting task, but with the right information and support it can be done smoothly and thoroughly. Talk to Cottingham & Butler's M&A t for further insight into your potential risks and the measures that would best protect your company. The above article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or a member of Cottingham & Butler's team directly for appropriate advice.

A 3rd generation family-owned and operated commercial egg-laying operation in the Pacific Northwest was continually seeing rate increases year after year. Cottingham & Butler completed its in-depth Risk Management Assessment (RMA) and uncovered numerous opportunities for improvement, primarily as it relates to the current structure of the property placement in the short and long term. Our Results Year 1 - Short Term/30 Days In the initial year, our team secured a remarkable -13% renewal rate with new capacity, while also negotiating enhanced coverages to fortify the client's risk management portfolio. Year 2 Building upon the foundation laid in the first year, we began a strategic restructuring of the entire property placement process. By consolidating the client's coverage with a single carrier, we ensured comprehensive coverage for the total insured value (TIV), accompanied by a significantly reduced deductible of only one-third. This meticulous restructuring culminated in an impressive -52% net reduction in premium, yielding approximately $290,000 in savings when compared to the incumbent renewal program. Enhancements in Property Limits Previously, the insured had been constrained by purchasing a loss limit solely due to the cost implications of insurance. Leveraging our industry connections, we were able to secure a standard market option that facilitated the acquisition of full property limits. This transition marked an increase of approximately 67% in property limits, empowering the client with greater financial protection and risk resilience. Property Rate Optimization Through rigorous negotiation and analysis, we successfully decreased the blended property rate from $1.50 to $0.66 per $100 of value. This substantial reduction not only alleviated financial strain but also underscored our commitment to optimizing cost efficiencies without compromising coverage quality or client satisfaction. Our meticulous approach to restructuring the property program delivered tangible results, culminating in substantial cost savings, enhanced coverage, and fortified risk management strategies for our client.

In the 1996 movie classic, “Twister,” Dusty runs out of the RV at the drive-in movie theater and yells to Bill, “It’s coming! It’s coming straight for us!” and Bill replies with an apprehensive and fearful look at the ominous, night sky, “It’s already here.” That scene reminds me of the property insurance world and the hard market.  The “hard market” isn’t coming—it’s already here! For those of you new to this terminology, a “hard” insurance market represents a period of rising rates, less capacity, and unfavorable terms mandated by insurance companies to the insurance buyer. Our team at Cottingham & Butler has been sounding the bell about the hard market, and dealing with a challenging property renewal is less about “if” than “when.” Ten years ago, a dozen admitted insurance carriers would insure property insurance for foundries—today there are less than five. This article is designed around what you can do to be prepared to manage upcoming insurance renewals. Let’s start with a brief overview of the current insurance market. Property insurance is no longer (and hasn’t been for a while) a regional issue. In today’s climate, what happens in Florida or California, affects us in the Midwest and vice versa.  We’ve dealt with wildfires, windstorms, snowstorms, hurricanes, and flooding. These natural catastrophes have caused many billions of dollars in claims costs to insurers. In 2022, natural disaster damages were over $115 billion and that follows $121 billion in 2021. Along with those disasters, the industry still manages the additional losses from less catastrophic but just as costly claims ranging from fires and explosions to broken water pipes. In response, insurance carriers and their insurance providers (known as reinsurance carriers) are increasing their rates, diminishing their appetite for risk, offering less favorable terms, and heightening underwriting scrutiny. In December 2022, Ernst & Young Global predicted reinsurance rates to rise 50% during the January 2023 renewals, setting the stage for further increases throughout 2023. Another factor impacting insurance costs is the valuation of assets and inflation. The material costs of construction (e.g., concrete, drywall, pvc pipes, etc.) are up as much as 53% year-over-year. Lumber cost is the one category that saw a reduction during 2022. With that in consideration, many property valuations on insurance schedules are likely undervalued versus their true cost. The cost to rebuild your facility is significantly higher than it was three or four years ago. When was the last time you had a formal appraisal of the cost to replace your building? Likely you haven’t and therefore insurance carriers are scrutinizing the cost per square foot much closer. One final factor for the foundry industry is reputation. Google search “foundry fires” and “foundry accidents” and look at just the first results page. This is what underwriters and insurance company analysts see and use to formulate their opinions about foundries. Despite the fact that every day, 1,750 foundries are operating safely, historical events influence and cast doubt on the viability of a foundry as a good underwriting risk. These factors create the perfect storm for insurance companies to dictate purchasing terms in what we collectively call a “hard” market. In some cases, insurance companies are simply walking away from insuring what they consider “riskier” businesses. Metalcasting is one category that is considered high risk and unfavorable for underwriting. From the graph in Figure 1, the property market is seeing continued upward pressure for the last six years with a substantial spike during the latter part of 2022.  The first quarter of 2023 rate increases so far have continued their upward trend. With that said, you can survive the hard market. It takes additional work and effort on your part and the part of your insurance broker, however. Here are some strategies on what we can collectively do to get through these challenging conditions: 1. Strategize with your broker and do it early! The standard approach taken by insurance brokers for the renewal process is to make submissions 90 days in advance of the expiration date with the likelihood of having the renewal finalized two weeks before your policies expire. That process works in a soft market but in the market we are in today, that process will fail. Instead, have your planning meeting five months in advance of the expiration date, update all underwriting materials, and make sure submissions go out early. Every insurance company is going to want loss control, every insurance company is going to question the values, and every insurance company is going to have to go to their reinsurance markets to build limits for your business. This takes time so use it to your advantage. 2. Decide on your risk tolerance. What deductibles can you live with? Does every structure need to be insured? Does the program need to be on replacement cost or would actual cash value suffice? These are questions many businesses are considering in order to lower their insurance premiums. 3. Update your values. When was the last time you hired an appraisal company to provide a true estimate on the replacement cost value of your buildings and equipment? When I ask that question, the answer is typically “It’s been years” or “Never.” Insurance companies are going to demand the values of your buildings be based on either a third-party valuation or another metric for you to justify why your 50,000-sq.-ft. facility is insured for $2.5 million when their data suggests it should be valued at $6 million. Higher values drive more premium, which insurance companies want; therefore, take control and tell them what your values are. If you don’t, they will dictate those terms to you, which could cost you tens of thousands of dollars. 4. Satisfy the loss control recommendations. This may be the most critical area for your team to review and the one area you can directly control. Remember when the loss control person from the insurance company visited your facility and then provided you a list of “recommendations” for improvements? You likely “filed” this and moved on with your day. No more! If those recommendations (let’s call them mandates) are not addressed or completed to the insurer’s satisfaction, there is a high likelihood that insurance carrier will non-renew your insurance policies.Key areas to review are: Fire protection: We all know we can’t have sprinkler systems over the pour floor, but insurance carriers will expect sprinkler systems everywhere else, especially your pattern and mold shops and storage areas. Hot work permit systems: I’ve seen this on almost every inspection report and the requirement to have a hot work scope of work and procedures written out in detail. Dust collection: More and more carriers will want to see updated dust collections systems with spark detection and fire suppression as part of the system. Flammables: Everything from 275-gallon solvent totes to 1 gallon paint cans need to be stored properly and away from heat and flame. I had one insurance carrier dictate they would only offer a quote if the foundry would build a separate building with sprinklers for the foundry to store all their placard flammable materials. 5. Be thorough in your description of operations. Do your insurance underwriters actually know who you are and what you do and what makes your business different from all the other metalcasters they get submissions on?  Having a narrative or a “description of operations” on your business is an often overlooked part of the insurance marketing process, but if you don’t have one, then you are relying on an application and the Google search the underwriter will review to be the narrative. Again, take control and get your story told the way you want it told. 6. Know your insurance policies. I know you are working with your broker to be your advisor, but I would suggest educating yourself on what is in your insurance policy and what you are actually paying premium for. How is the business interruption and extra expense calculated? Is your policy a blanket or scheduled? What are the sub-limits? The key is to be an educated consumer so you can negotiate your options effectively. 7. Meet with underwriters directly (if this makes sense). This goes hand in hand with the description of operations discussion in that the underwriters need to know who you are and your business. Do you know many of the underwriters I speak with have never been in a foundry? Yet, we expect them to write the insurance for you! Work on getting your underwriter to come to your facility so they can see firsthand your operations and what you are doing to make your operations best in class. If you don’t feel your facility is ready for an underwriter visit, consult with your broker to uncover the steps to be prepared for this visit. The hard market is not going away anytime soon. In this market the insurance companies control who they will sell to and the terms of the sale. As buyers of insurance, the more educated we can be about the seller’s interests the better we can position ourselves for the best terms. Therefore, take charge of what you can control: Update the valuation of your assets. Conduct and document safety, site management, and basic housekeeping. Document and communicate facility upgrades and improvements. Create a clear description of operations. Partner with your insurance broker/agent for a renewal marketing plan. There are many things we cannot control, such as the facultative reinsurance market or if the insurance company “suits” decide they are pulling out of writing more foundries. However, focusing on what we can control and taking action will drive results. An adage around our firm is, “We can’t direct the wind, but we can adjust the sails.” As the storm continues to churn and winds blow, let’s adjust the sails and find calmer seas. JOHN LINK, CPCU,CIC Vice President, Risk Management 563.590.0428 jlink@cottinghambutler.com