3 Insurance Strategies To Reclaim Liquidity

The COVID-19 pandemic has had wide-ranging economic impacts, causing lost revenues and creating liquidity challenges. As organizations weigh tactics to sustain through the current crisis and avoid a cash crunch, it’s important to consider options beyond cutting costs and streamlining processes. Strategically approaching the insurance risk program can be a vital method to unlock liquidity by maximizing potential recovery, recouping premiums and refreshing the insurance risk strategy.
 

Potential Recovery

Many organizations face unprecedented disruption to operations because of the pandemic, including stay-at-home orders and the shutdown of non-essential businesses, and there is a lack of muscle memory for dealing with insurance under these unique circumstances. It is critical for organizations to identify the existing and potential insurable losses, document and calculate all losses, and file a claim with their insurance company. Doing so in a timely manner helps protect liquidity by preserving your rights under the policy.

Although many insurers have indicated that COVID-19 does not fall under property insurance or business interruption coverage due to virus-related exclusions in the policy, that may not necessarily be the case. There is active litigation related to the clarity and consistency of policy exclusions for loss due to virus or bacteria, and potential legislative changes could also have widespread implications for insured organizations.

No two insurance claims are alike, because every claim has a unique set of circumstances. That’s why you need to review your coverage in detail—and examine the specific facts associated with the loss—to understand all possible areas of claims recovery that could apply. For example, there may be relevant manuscript policy language crafted specifically for your organization’s coverage. That raises the possibility that certain endorsements, ISO or insurance company-specific, are either absent or worded differently from the standard forms. There could also be other policy provisions that limit the application of the exclusion for loss due to viruses.

Other insurance coverage (e.g., executive risk, commercial general and excess liability, workers’ compensation, et al.) may apply as well.  We are seeing, and expect to see, many more claims against Directors and Officers for mismanagement, bodily injury for illness and death with a claim of negligence, and workers’ injuries due to the virus, to name a few.  These losses are potentially covered in one or more of your other insurance policies and can provide recovery relief for defense and indemnity costs.  Also, in the case of renewals for Claims Made policies, the impact of any COVID-19-specific exclusions should be examined and the implications on present and past coverage understood. 

To maximize your organization’s potential recovery, each policy needs to be scrutinized for specific coverage grants and exclusions to determine coverage under the particular circumstances. Due to the complexity involved, engaging with an experienced specialist can help you analyze both the policy and the set of facts in granular detail.
 

Recouping Premium

Another method for reclaiming liquidity is by recouping part of the insurance premium. Due to efforts to slow the spread of COVID-19, there are far fewer drivers on the roads, which has led some auto insurance companies to give customers refunds on premiums. Why shouldn’t your organization get the same treatment if the exposure to risk has diminished?

Evaluating the underwriting data provided to the insurance markets at the most recent renewal can help identify how to recoup premium. If the pandemic has caused temporary business closure, reduced employee headcount or decreased sales, then the business interruption calculation has changed. This can justify a new assessment of the value for updated premium calculation. Several strategies can facilitate the reclamation of premium, including a mid-term policy negotiation, accelerating policy audits, evaluating loss reserves, revision of go-in exposure estimates or even policy cancellation and rewrite.
 

Key Questions to Ask Yourself:

  1. Have you explored the availability of insurance for COVID-19-related claims?
  2. Have you preserved your rights under your claims made D&O insurance policies?
  3. Have you investigated a premium refund from your insurance company yet?
  4. Do you have a strategy to lower premium cost with your pending renewal?

Future Preparation

A failure to prepare often leads to unfortunate consequences, so it’s crucial to plan for the future now. You can use this crisis as an opportunity to reassess the management of organizational risk going forward. There are numerous options for the insurance risk strategy, including reconsidering deductibles, limit selections and policy purchases.

Your organization can also reevaluate how it presents its risk profile to the insurance market—such as by restructuring, updating and expanding the underwriting exposure data about payroll, revenue, and business interruption values. This can generate competition among insurers on pricing and terms, thereby driving down costs. Another option is the utilization or expansion of alternative risk vehicles (including captive products). By reconsidering the strategy for managing organizational risk at this critical time, you can prepare the organization to reclaim liquidity in the future.
 

COVID-19 Insurance Risk Program Checklist

Maximize Potential Recovery

  • Assess the presence of all current and potential COVID-19 claims
    • Property Damage / Business Interruption
    • Pollution Legal Liability
    • Workers’ Compensation / Employers Liability
    • Fiduciary Liability
    • Directors & Officers Liability
    • Employment Practices Liability
  • Preserve insured rights in Claims Made insurance policies
  • Track external litigation and legislation that opens new recovery opportunities for your organization
  • Utilize the government COVID-19 stimulus programs
  • Track claim details potentially related to COVID-19

 
Recoup Premiums

  • Update underwriting exposure data (e.g., business interruption values, payroll, headcount, revenue)
    • Accelerated policy audits
    • Mid-term insurer negotiations
    • Policy cancellation and rewrite
  • Consolidate purchases of excess insurance capacity (e.g., shared limits for D&O, EPL, Crime and Fiduciary; multiple-year and single-limit policies)
  • Re-evaluate coverage limits purchased
  • Actively drive down self-insured and insured claim reserves

 
Prepare Your Insurance Risk Strategy for the Future

  • Restructure, update and expand underwriting exposure data (e.g., business interruption values, payroll, headcount, revenue)
  • Update your insurance risk strategy (e.g., deductible/retention/limit selections, policy purchases)
  • Compete your insurance brokers and insurance markets to drive down cost
  • Consider the use, formation or expansion of a captive insurance company

Strategize to Thrive In the face of disruption and uncertainty, these insurance strategies form a key part of an effective organizational response. They can help to successfully reclaim liquidity in both the near term and long term, which puts an organization in position to thrive once the crisis subsides.

Five Key HITRUST Developments To Monitor In 2020

Cybersecurity incidents continue to place immense pressure on healthcare organizations globally, jeopardizing not just patient data and the reputations of leading healthcare companies, but more importantly, patient safety. In each of the past two years, three-quarters of healthcare organizations experienced a significant security incident, according to the 2019 HIMSS Cybersecurity Survey. Organizations certified under HITRUST (Health Information Trust Alliance), the most widely adopted security framework in the U.S. healthcare industry, provide their patients and partners peace of mind, representing they have established a control environment to safeguard patient information.

Cybersecurity threats continue to evolve, so the HITRUST CSF must evolve as well. Here are five key HITRUST developments that healthcare organizations and other companies should monitor in 2020.
 

1.       COVID-19’s Impact on the HITRUST CSF

During times of rapid change, internal controls and information security requirements often must adapt to the new circumstances. The COVID-19 pandemic certainly qualifies as one of these times. On March 5, HITRUST released an advisory waiving the requirement that in-person / on-site validation procedures be performed at the assessed entity’s facilities. “In situations where assessors choose to leverage alternative approaches such as video conferencing to perform necessary walkthroughs and observations, assessment documentation must clearly reflect the nature, timing, and extent of the alternative approaches used,” the announcement said. On March 19, HITRUST issued a separate advisory stating that it isn’t currently issuing a blanket extension of timing-related requirements tied to assessments, although extensions are possible on a case-by-case basis. We will be closely monitoring the situation to see if HITRUST announces any additional COVID-19-related advisories that directly affect the certification process. HITRUST advisories on can be found on its CSF Assurance & Implementation Bulletin.
 

2.       HITRUST CSF Version 10

HITRUST CSF version 10 is expected to be released in December 2020. Although the timing of this release could still change, a few things are fairly certain. HITRUST CSF Version 10 is expected to continue HITRUST’s efforts to be more industry-agnostic and accommodate the needs of industries such as travel, tourism and financial services, as HITRUST expands its focus beyond healthcare. This is expected to be accomplished through a combination of changes. These include the establishment of a “core” or baseline set of implementation requirements and controls for all organizations and a new focus on choosing additional relevant regulatory factors to determine the scope of assessments. These changes will be supported by providing clearer and more consistent language and syntax for implementation requirements and further use and leverage of the new shared responsibility matrix (more on this below).
 

3. PRISMA Weighting Updates

HITRUST CSF’s PRISMA weighting scale previously gave equal importance to policies (25%), procedures (25%), and implementation (25%), with measurement and management making up the remaining 25%. In 2020, those weightings have shifted to emphasize the importance of effective implementation of the controls necessary to obtain HITRUST CSF certification. The new weightings will be 15% for policies, 20% for procedures, 40% for implementation, 10% for measurement, and 15% for management. See HITRUST’s recent webinar for more information.

The message from these PRISMA weighting updates is clear: having well-documented policies and procedures is not enough; strong implementation of internal controls is essential to HITRUST CSF certification.
 

4. New Shared Responsibility Program and Matrix

Continued growth in cloud computing has spurred other changes to the HITRUST CSF assessment and certification processes. In addition to meeting its own requirements, HITRUST CSF-certified cloud providers working with healthcare organizations are encouraged to operate within HITRUST’s new shared responsibility matrix. This shared responsibility matrix is designed to avoid misunderstandings about who owns and is responsible for various sharable and inheritable controls when a healthcare organization is working with cloud computing vendors. This is particularly important when healthcare organizations use applications that reside in different cloud environments that must communicate and share data. The shared responsibility matrix was developed with input from the top 20 cloud providers in the market to ensure its effectiveness and relevance. Over the next 12 to 18 months, HITRUST will continuously release guidance on how the Shared Responsibility Program can be best utilized.
 

5. Additional HITRUST Tools and Resources

Several HITRUST resources are being updated or have seen more robust usage:

  • The HITRUST Threat Catalogue, which was initially published in late 2018, is designed to provide organizations with greater visibility into the threats they face and how those threats tie to appropriate HITRUST CSF control requirements. The catalogue is continually updated to ensure that healthcare organizations have the latest information about relevant threats and can continue to meet their control responsibilities and HIPAA compliance requirements.
  • A growing number of healthcare IT startups have begun using the HITRUST RightStart Program to establish their compliance and risk management programs. This is part of an increasing trend throughout the healthcare ecosystem to find innovative solutions through startups, which now join providers, hospital systems, and insurance companies in seeking HITRUST CSF certification.
  • More healthcare organizations are now using the HITRUST Assessment Exchange to obtain and manage information on vendors’ risk management practices and information security and privacy programs in a cost-effective way.

Insight: Assesor Quality Matters

In addition to these more recent developments, HITRUST has significantly increased its emphasis on the importance of assessor organization quality. As the HITRUST CSF has grown in acceptance, the organization has seen a widening range in the quality of the companies delivering those assessments.

This divergence highlights the importance of working with assessors that bring the professionalism and standards of a CPA and auditing firm to the HITRUST CSF assessment and certification process.

Providing Economic Aid: Federal Reserve Announces Main Street Business Lending Program

On April 9, the Federal Reserve announced additional actions it will take to provide up to $2.3 trillion in loans to support the U.S. economy. The Federal Reserve believes this funding will assist households and employers of all sizes and bolster the ability of state and local governments to deliver critical services during the coronavirus pandemic. Also on April 9, Federal Reserve Chair Jerome Powell stated: 

“We have acted to safeguard financial markets in order to provide stability to the financial system and support the flow of credit in the economy. … Many of the programs we are undertaking to support the flow of credit rely on emergency lending powers that are available only in very unusual circumstances. … We will continue to use these powers forcefully, proactively, and aggressively until we are confident that we are solidly on the road to recovery.”
 

Main Street Business Lending Program

Among the actions taken to offer companies liquidity, the Secretary of the Treasury will make a $75 billion equity investment using appropriated funds from the CARES Act in a special purpose vehicle (SPV) established to implement a Main Street Business Lending Program.

According to Treasury Secretary Steven Mnuchin:

“The Main Street Business Lending Program will make a significant difference for the 40,000 medium-sized businesses that employ 35 million Americans. This important Main Street initiative complements the robust relief efforts already underway, such as the Paycheck Protection Program, Employee Retention Credits, and Economic Impact Payments, while protecting taxpayer funds.”

This program aims to increase the flow of credit to small and medium-sized businesses that were in good financial standing prior to the COVID-19 crisis. The program will either expand existing credit facilities (MSELF) or originate a new loan facility (MSNLF). To do so, the program will offer four-year loans (via eligible lenders) to companies that meet at least one of the following criteria:

  • Employ up to 10,000 employees, or
  • Had 2019 annual revenues of $2.5 billion or less.

Eligible lenders will retain a 5% share of the Main Street loans and sell the remaining 95% share to the SPV, which will purchase up to $600 billion in total loans.
 

Eligible Loan Details

Loans made pursuant to this program will have the following features:

  • Unsecured four-year term loan
  • Originated on or after April 8, 2020
  • Principal and interest payments are deferred for one year
  • Adjustable rate of the secured overnight financing rate plus 250-400 basis points
  • Minimum loan size of $1 million
  • Maximum loan size the smaller of either:
    • $25 million, or
    • Loan amount, when added to the eligible borrower’s existing undrawn debt, does not exceed 4x the borrower’s 2019 EBITDA
  • Prepayment allowed without penalty
  • May only participate in one program (MSELF or MSNLF)
  • May not participate in Primary Market Corporate Credit Facility (PMCCF)


Attestation Requirements

Lenders and borrowers will have to attest to at least the following:

Eligible Lenders​

Use of Loan ProceedsWill not be used to repay or refinance pre-existing loans made by the eligible lender
Existing Lines of Credit to BorrowWill not cancel or reduce existing lines of credit to the eligible borrower
Certification of EligibilityMust certify that it is eligible to participate in the Facility


Eligible Borrowers

Use of Loan ProceedsWill not be used to repay other loan balances or other debt of equal or lower priority unless the eligible borrower has repaid the eligible loan in full
 
Cancellation/Reduction of Existing DebtWill not cancel or reduce any existing lines of credit with the eligible lender or any other lender
Financing Is RequiredAttest that it requires financing due to the COVID-19 pandemic and that it will use loan proceeds to make reasonable efforts to maintain payroll and retain employees during the term of the loan
EBITDA ConditionsLoan proceeds do not exceed 4x 2019 EBITDA
Other RestrictionsMust follow compensation, stock repurchase, and capital distribution restrictions under section 4003(c)(3)(A)(ii) of Title IV in the CARES Act
Certification of EligibilityMust certify that it is eligible to participate in the Facility


Fees

Eligible borrows and lenders will be subject the following fees:

  • Eligible lenders will pay a fee of 100 basis points of the principal amount of the loan purchased by the SPV but may request that the eligible borrower pay this fee.
  • Eligible borrowers will pay eligible lenders an origination fee of 100 basis points of the principal amount of the loan.
  • Eligible lenders will receive 25 basis points of the principal amount of the loan purchased by the SPV for loan servicing.

Both the Treasury and the Federal Reserve noted that businesses vary widely in their financing needs. As the program is being finalized, they will continue to seek input through April 16 from lenders, borrowers, and other stakeholders to make sure the program supports the economy as effectively and efficiently as possible while also safeguarding taxpayer funds.

Insight

  • The Main Street Business Lending Program will provide eligible businesses access to loans in addition to other aid provided under the CARES Act, such as the Payroll Protection Plan or the Coronavirus Economic Stabilization Plan. Businesses should consider consulting with an external professional service provider to help determine if they qualify under this plan, how these loans affect other federal aid already applied for or received, and how to work with eligible lenders for the application process.
  • Eligible borrowers should develop a compliance program that should be continuously monitored for the life of the loan to ensure that none of the loan covenants are breached, which could result in penalties or other adverse consequences.
  • Borrowers should be mindful of loan disclosure implications and follow appropriate standards for disclosure in notes to the financial statements.  
  • To the extent that eligible businesses have thoughts, concerns, or other suggestions related to the Main Street Business Loan Program, they must communicate those to the Federal Reserve on or before April 16 for consideration before the program is finalized.

Disclaimer
The above has been prepared solely for informational purposes.  Any opinion expressed herein shall not amount to any form of guarantee that we have determined or predicted future events or circumstances, and no such reliance may be inferred or implied.  We accept no duty of care or liability of any kind whatsoever to any party, and no responsibility for damages, if any, suffered by any party as a result of decisions made, or not made, or actions taken, or not taken, based on this information.