Answer:
Answer by Michael Guard:
Look at the risk assessment performed by your institution for e-banking. If there are risks for which you do not have strong controls, you have two choices: you either procure insurance, or you bear the risk (self-insure). If you don't have insurance specifically covering any potential threat you have identified regarding e-banking, you should consider the institution to be self-insured on it. While there has been at least one case where network downtime was considered a property loss under an insurance contract because there was not adequate language to exclude coverage, you should generally not expect your contract to be interpreted in your favor in this area on issues not specifically excluded.
This is a hot area where policies are being changed and courts disagree as to the proper interpretation of the insurance contracts. While normally insurance contracts do get interpreted against the insurance company on any issue that is ambiguous, that is not true for issues that were never considered by either party, such as many issues relating to e-banking.
As a financial institution you do not want to assume you have coverage for e-banking related issues under any policy unless there is specific language providing coverage. In my opinion, in this rapidly changing area it would not be a prudent business decision to assume something will be covered because it is not specifically excluded. You want language in the policy that makes it clear there is coverage.
You should also consider insurance even for the risks you have good controls for. Perform a risk assessment. Consider the likelihood of each particular risk and how significant the damage could be. Then decide if you want to be self insured for the potential exposure you have.
Another area to consider is coverage for all services any service provider provides your institutionin connection with your e-banking. While a service provider can be contractually obligated to reimburse you for all costs and damages, and might even have insurance for their negligence, legally you cannot get away from your responsibilities to your customers and if your service provider is financially unable to bear the loss (as might be the situation if they became liable simultaneously to multiple institutions), you should have your own coverage or consider the institution self-insured on these issues.
Remember, while you can contract for someone else to perform services for you, you cannot contract away your potential liability to your customers. The service provider has no contractual relationship with your customers. If something goes wrong and your customers suffer damages due to the negligence of a service provider, they will be looking to you to make them whole.
Answer:
Answer by Scott Simmonds:
Look at the exposures that ebanking presents then go to the insurance policies you have and see what coverage can be found. Most bank directors and officers insurance provide extremely broad coverage for third parties injured by the actions of the bank. They are almost bankers errors & omissions policies! The financial institution bond provides broad coverage for loss by theft or fraud. Most property insurance policies provide coverage for direct damage to equipment or property owned by the bank.
Work with your insurance advisor on gaps in your program based on your exposures.
Some insurers are really pushing special ebanking insurance policies. Complete the above exercise before buying such a contract - you may find that the extra coverage offered by the ebanking policy may not be worth the extra premium - you will find overlaps in the coverage provided by your bond, d&o and package policy too. Perhaps the extra premium is better spent on higher limits of coverage on the bond or d&o policy?
First published on BankersOnline.com 3/11/02
print
share