INSURANCE REVIEW MAY 2016 CONTENTS INTRODUCTION 04 CLASS ACTIONS ■ FIRMLY ON THE RADAR 06 DIRECTORS AND OFFICERS (D&O) ■ D&O, CLASS ACTIONS AND SHARED LIMITS – PERHAPS SOME SELF REGULATION AND COMMON SENSE ? 08 FINTECH AND THE INSURANCE INDUSTRY ■ THE FINTECH REVOLUTION WHAT IT MEANS FOR THE INSURANCE INDUSTRY 10 CONSTRUCTION ■ ACCESSING SECURITY UNDER CONSTRUCTION CONTRACTS WHAT HAPPENS WHEN THE MUSIC STOPS? 12 CYBER ■ INSURING ON CYBER PROTECTION – ENHANCING THE FIRST LINE OF DEFENCE 15 DEVELOPMENTS IN DEFAMATION LAW THE YEAR OF THE TWEET 18 PRIVACY ■ PRIVACY CONCERNS IN THE HEALTHCARE SECTOR 20 IMPLEMENTATION OF THE AEC AND THE IMPACT ON THE INSURANCE INDUSTRY – ARE WE READY? 22 DISCLOSURE REQUIREMENTS FOR ENVIRONMENTAL RISKS 27 MEDICAL INDEMNITY ■ LONG-TAIL LIABILITIES IN THE MEDICAL MALPRACTICE MARKET 29 EARTHQUAKE CASES KEEP NEW ZEALAND COURTS BUSY 32 INSURANCE REGULATION UPDATES AND PENDING REFORMS 34 KEY INSURANCE CONTACTS 36 www.insuranceflashlight.com | 03 It is impossible to avoid the pace of change at the moment. The way we do business in Australia and overseas is evolving rapidly as we move to a digital economy. It wasn’t long ago that we spoke of the internet as an “information superhighway”. You would be criticised as a dinosaur if you used the same expression now because it is so much more. Now “blockchain technology”, “FinTech” and “disruptors” are terms commonly used at all levels of commerce. Every industry is exposed to digital disruption and the challenges of market penetration in a world increasingly dominated by social media. David Thodey, chairman of CSIRO and former CEO of Telstra, was quoted in The Australian on 15 April 2016 as saying: We are moving to a world where engaging the power of computers – software, cognitive computing, data analysis – will be part of the job of many Australian workers who have no training in science, maths or technology. To succeed, we will have to find ways to strengthen our workplaces... In an uncertain world, adaptability and resilience will be key, both at the individual and institutional levels. The insurance industry sells risk transfer products to the entire commercial world. In the past, the word “insurance” was probably associated with words such as “dour”, “conservative” and probably “mean”. Not so now. Most people that work in insurance would say they “fell” into the industry, usually because they have the adaptability and resilience so needed at a time of intense change. Because the industry has such a broad range of touch points with all aspects of commerce – from investing its capital into technology funds, to collating valuable data and knowledge about the challenges its customers are facing – the insurance industry is well placed to prosper in this period of disruption and change. The insurance industry is part of the DNA of DLA Piper. We have a committed and co-ordinated global team with a depth of expertise across all ends of the insurance spectrum from M&A, product design and regulation, through to all aspects of claim management. And having started in 2005 to grow to one of the largest law firms in the world, innovation, adaptability and resilience is something DLA Piper knows a lot about. 04 | DLA Piper Insurance Review – May 2016 INTRODUCTION In Australia, the focus of the partners is to be a trusted and independent advisor to our clients, focused on encouraging and promoting the best legal talent to serve the industry. We are committed to delivering an annual symposium to the industry each year, having delivered a day long symposium in February 2015 and February 2016. We hope you will enjoy the series of articles provided in this publication that hopefully hit the issues of interest and concern in 2016 – the rapid growth of class actions, how to manage shared limits, fintech, cyber coverage, developments in Asia, privacy, and of course, natural disasters with Crossley Gates of our New Zealand office providing a valuable insight into the Christchurch earthquakes. Yes, this publication is in paper as we expect there are many people who still enjoy turning pages, but of course it is also available on our website www.dlapiper.com. Readers should also consider subscribing to our “Insurance Flashlight” microsite www.insuranceflashlight.com which provides regular and pithy updates on legal developments that impact the insurance industry as they happen. Please contact any of the authors of the articles if you wish to continue the conversation, or to organise a presentation to your staff or clients. And of course, we welcome your feedback on issues of interest to you for future publications. David Leggatt and Samantha O’Brien DLA Piper Insurance Sector Co-Heads, Australia www.insuranceflashlight.com | 05 KEY DECISIONS AND SETTLEMENTS FOR 2015 The Federal Court’s decision in Paciocco v Australia and New Zealand Banking Group Limited (ANZ) saw a significant setback for “would be” plaintiffs in the consumer class action space. In overturning a decision of a single judge of the Federal Court, the Full Federal Court upheld ANZ’s entitlement to charge various fees, including late payment fees. The original decision held that a number of ANZ’s customer fees were penalties, and therefore not permissible. The matter is now before the High Court. Whilst the outcome was not plaintiff friendly, and will certainly have an impact on other similar claims still on foot against banks and telcos, this is not the last we will see of high volume consumer class actions, particularly in light of new technological advances: see Paciocco v ANZ  FCAFC 50. Last year we saw the High Court unequivocally reject a special leave application in Treasury Wine Estates, and in doing so emphasized that lawyers with seemingly too close a personal stake cannot wear multiple hats as litigant, solicitor on the record and litigation funder. In the 2014 decision that the High Court refused to revisit, the Victorian Court of Appeal derailed the lead plaintiff’s case (also solicitor on the record). The Court was also quick to point out that the It has been another active year for class action and mass tort litigation in Australia, with seemingly very few industries or sectors immune, even the legal industry upon which this burgeoning area of the law has been built. We saw a variety of new suits filed, large settlements approved, and little sign that this growth in activity will wane in 2016 and beyond. According to the Class Actions and Litigation Funding – What’s all the talk about? article in Finity 2013, with the average class action in Australia taking about four years to settle, and with an average settlement cost of AU$45 million, the legal cost, disruption to business cost and reputational cost of a class action should remain firmly on the radar of corporates and insurers alike. NEW SUITS Class action activity is certainly not on the wane, with 20 odd class actions commenced throughout 2015. The second half of last year saw a raft of class action suits filed, with securities class actions filed against infrastructure giant WorleyParsons and mining and construction firm Macmahon Holdings. Interestingly, franchisees are becoming increasingly aggressive in this area, with Eagle Boys, Pizza Hut and 7-Eleven all subject to actual or threatened class actions. Franchisors are now on notice. Hardly surprising given all the global publicity, class actions have also been mooted against vehicle manufacturers Volkswagen and Audi. The close of 2015 also saw media reports of proposed class actions against poker machine designers and operators, financial services provider IOOF, the Department of Defence, Bayer and several pharmaceutical companies, including Nurofen manufacturer, Reckitt Benckiser. As alluded to above, plaintiff law firm Maurice Blackburn announced it was investigating commencing a class action against its market-share rival Slater and Gordon, after Slaters sustained significant drops in its share price as per the article in The Sydney Morning Herald on 23 December 20151 . CLASS ACTIONS 1 Sydney Morning Herald, December 2015 (http://www.smh.com.au/business/maurice-blackburn-launches-class-action-against-rival-firm-slater--gordon-20151222-glttas.html) CLASS ACTIONS 06 | DLA Piper Insurance Review – May 2016 plaintiff, Melbourne City Investments, had been incorporated solely to help Mr Elliott generate legal fees for his benefit: see Treasury Wine Estates Limited v Melbourne City Investments Pty Ltd  VSCA 351. The Federal Court’s decision in Babcock & Brown is also worth noting, in which Perram J commented that a plaintiff may be able to recover damages without providing a direct causal link between the non-disclosure and the decision to invest (the “reliance” test). How this thinking develops going forward could have significant ramifications in terms of litigation volume: see Grant-Taylor v Babcock & Brown Limited (In Liquidation)  FCA 149. Whilst not a class action per se, the judgment of Macaulay J in Amaca v CSR & Anor is an interesting (albeit 280 page long) mass tort judgment on the rights of partners and joint tortfeasors to claim equitable contribution. The mechanics of the trial is also an interesting procedural template: 8 out of 204 claims being put up as “test cases” for the balance of the claims. The judgment is now on appeal: see Amaca Pty Ltd v CSR & Anor  VSC 582. Many class actions issued against manufacturers (across many sectors including food and beverage and life sciences), corporates and financial institutions settled, but the most significant settlement was the Black Saturday bushfire class actions, with total payouts across all claims nearing AU$800 million. As another hot Australian summer resulted in significant bushfires igniting in Victoria and Western Australia, this is a litigation stream which seems to be here to stay, with subrogated claims playing a key role in how these class actions are founded and possibly funded. LITIGATION FUNDING AND CONTINGENCY FEES Litigation funders have continued to entrench their importance in the Australian legal services market, and remain the predominant means for class action funding in Australia. Despite the Productivity Commission’s 2014 recommendations that there be greater regulation of third party litigation funding, and a potential removal of the ban on contingency fees, we are yet to see greater regulation of litigation funders eventuate, and litigation funders are still exempt from the requirement to obtain a Australian Financial Services Licence. The Federal Government’s stance on both greater regulation of litigation funders and removing the ban on contingency fees remains unclear. Notably in July, NSW’s prohibition on lawyers charging uplift fees was removed. We also saw Maurice Blackburn make a second attempt to introduce a “common fund” funding model in conjunction with International Litigation Funding Partners. However, on 7 August 2015, the Federal Court dismissed Maurice Blackburn’s application. Interestingly, Wigney J noted that the Court had the power to make such an application, but that it was not appropriate at that time. It was also noted that the group members did not appear to be the beneficiaries of the proposed arrangement: see Blairgowrie Trading Ltd v Allco Finance Group Ltd  FCA 811. CONCLUSIONS We expect to see continued class action activity in product liability, securities, financial services and bushfire/ environmental litigation. The rise of cyber-attacks and increasingly onerous privacy obligations are also likely to be emerging areas of activity: data privacy breaches are a potential flashpoint for companies holding personal, financial or medical information. However, the dominant change will no doubt be innovation driven by technological advances, with entrepreneurial plaintiff laws firms and litigation funders in the driver’s seat. We are also likely to see more high volume class action activity. The challenge for insurers, their customers and defence lawyers is to stay nimble or risk being left behind. Kieran O’Brien Partner T +61 3 9274 5912 email@example.com Natasha Stojanovich Senior Associate T +61 3 9274 5869 firstname.lastname@example.org With thanks to Andrew Burleigh, Solicitor and Bekir Cetinkaya, Summer Clerk, for their research assistance. www.insuranceflashlight.com | 07 Class actions that impact financial lines are now a fixture of the Australian litigation landscape. Presently there are at least 35 class actions being litigated in Australia, with most actions taking place in Melbourne and Sydney, with close to equal distribution between the Federal and Supreme Courts. The nature of these actions is also starting to take a similar shape from case to case. There is usually a market event – a company being placed into liquidation or receivership, or significant disruption to the share price of a listed company – that initiates a considerable amount of legal activity as ASIC issues notices for production of documents, plaintiff firms rush to be the first to issue to bind a class and liquidators/ receivers initiate public examinations to investigate why the company failed. Pity the board members of a public company that have to consider whether or not the company should be placed into receivership or administration. A decision to do so will show the “mindset of scarcity” at its worst. The mindset where all risk is to be avoided, all losses are an error and greed, fear and mistrust take over. The fact that a healthy economy necessarily involves investment and occasional failure is long forgotten, and risk aversion dominates. Each director will endure years of regulatory attention and litigation in a market where reputation is everything. They will need legal support, and lots of it. The D&O policy is sold to directors that may need this support. Should the day come when a director is facing the combined attention of a regulator, liquidator/receiver and class action lawyer, the policy can be the difference between corporate oblivion and salvation. It is a rare director that is able to match the resources of his or her opposition from their own funds. The insurance coverage is critical and the first question any director will ask is “how much insurance cover do I really have?” That relatively simple question is, unfortunately, very difficult if not impossible to answer in respect of the D&O products currently available in the market. Traditionally, D&O cover had what was called “side A” and “side B”. Side A provided cover for each director individually, in circumstances where the company was not permitted to or did not indemnify the director for his or her liability for the claim. Side B cover is when the company is obliged to provide that indemnity. The line between Side A and Side B is usually dealt with in a “Deed of Access and Indemnity” that any properly advised company and director will insist on being signed. That document sets out the claims for which the company will indemnify the director and the claims for which it won’t. In most cases, sorting out whether the claim is Side A or Side B is immaterial because the liability lies with the director first. “Side C” cover is different. Side C or “entity cover” is cover for the entity, for a range of wrongful acts covered by the policy that are committed by the company. The difference is significant. Establishing that a director is personally liable for damages is a difficult task. It usually requires a plaintiff establishing that each director had knowledge of the essential facts constituting the contravention. Proving exactly what a director knew at a particular time is often difficult. The same cannot be said of a company. A corporation is usually attributed the knowledge of its workers. For example, a corporation can be held liable for making a misleading statement that the Board knew nothing about. In those circumstances, litigated claims against the director would fail but the claim against the company would succeed and most importantly, the “Side C” cover would respond to pay the damages claim. D&O D&O, CLASS ACTIONS AND SHARED LIMITS – PERHAPS SOME SELF REGULATION AND COMMON SENSE ? 08 | DLA Piper Insurance Review – May 2016 THE PERILS OF SHARED LIMITS Most D&O policies provide a common limit. Coverage extends to board members and to officers, so a standard class action often involves the board and senior executives who may not hold board positions, such as the CEO, CFO and General Counsel. It is quite common for 10 – 12 people to seek coverage for defence costs under the policy. Each of these people usually share the same limit. So, if D&O cover is AU$10 million, that amount has to be allocated in some way to the numerous directors and officers entitled to that protection. If the limit also covers Side C risks, then the company can “dip into the pot” as well for its defence costs and damages. This all makes answering the question “how much cover do I have?” quite impossible, because a director can find themselves in a situation where they have plenty of cover one day, but none the next. Take a situation where directors are the subject of a class action and sharing a AU$5 million limit, of which AU$3 million has already been spent. The directors then find out that FOS has ordered the company to pay a series of side C claims that total AU$2 million. As that liability has crystallised to the company, the insurer is obliged to pay it so the valued money set aside for the director’s defence costs, evaporates overnight. So as a rule, in my view, directors would be foolish to have a policy that shares the limit with “Side C” cover. Brokers should take particular care to avoid that scenario, or at a minimum, point out the risks to each individual director if that is the policy the company wants to go with. The problem does not end there. Even with a conventional side A scenario, where say eight directors are sharing a limit, how do you fairly allocate access to the limit? The conventional approach taken by insurance lawyers and claims staff, is that each insured is not entitled to know what the other insured has spent; and the limit is eroded on a “first come, first served” basis. The result is that the directors and lawyers are often hoping that they will do work and be paid for it. This can and has resulted in nasty shocks, where directors have discovered prior to or during a trial that the limit has been exhausted. The insurance product has failed at the point it was needed most. This is an industry problem and it needs to be fixed. SO WHAT ARE THE SOLUTIONS? Firstly, some common sense goes a long way. It is common for insurers to appoint coverage counsel, that have the role of protecting the insurers’ interests and supervising the work done by the lawyers acting for the directors. Once the “defence team” has been marshalled together, it makes sense for the insurer, via its coverage counsel, to seek the consent of each director to mutual disclosure of cost budgets, as well as regular meetings to avoid duplication of work. The parties should agree to regular reports on the erosion of the costs limit, so that there are no surprises. Whilst the contract might strictly permit an insured to withhold that information, section 14 of the Insurance Contracts Act makes it clear that all parties to an insurance contract, including an insured, have the following obligation: If reliance by a part to a contract of insurance on a provision of the contract would be to fail to act with the utmost good faith, the party may not rely on the provision. Directors defending a suite of regulatory actions and class actions are in a pressure cooker. One director who thinks he or she is entitled to spend the limit as they see fit without regard to their once fellow directors, is in my view, not entitled to rely on any policy term that would produce this outcome as to do so amounts to a lack of good faith. Common sense and good faith simply has to prevail, particularly when the available limit falls short of the claim limit, which is almost always the case as the capacity in the market is a fraction of the potential losses. Secondly, the insurance product can be altered. Clauses dealing with allocation of the limit as between insureds can be introduced, to ensure joint co-operation between insureds, regular reporting on the erosion of the limit and even QC clauses to resolve disputes between insureds. Thirdly, the Board can also deal with agreements in the Deeds of Access & Indemnity as to how shared limits are to be dealt with in the event of a claim. Insurers, lawyers, brokers and insureds need to work together to solve this problem which, in my view, is easily done. Presently D&O policies run the risk of being a car that is going to stop working half way across a desert. Would you start the journey if you knew that was going to happen? David Leggatt Co-Head, Insurance Sector Australia T +61 3 9274 5473 email@example.com www.insuranceflashlight.com | 09 THE FINTECH REVOLUTION – WHAT IT MEANS FOR THE INSURANCE INDUSTRY There was massive growth in “FinTech” (the integration of finance and technology) last year, especially in Australia, which has lagged behind Europe and the United States in the FinTech space. Global investment in FinTech ventures was more than AU$10 billion in 2014 and is predicted to be AU$20 billion in 2015. However, only a very small proportion of this FinTech activity was insurance related. So what does this mean for the insurance industry? Some say that the insurance industry is ripe for disruption and that FinTech startups will be the key disruptors. According to the World Economic Forum, the most imminent effects of disruption from FinTech will be felt in the banking sector, but the greatest impact of disruption is likely to be felt in the insurance sector1 . However, it’s not all bad news for the insurance industry. It is also widely recognised that FinTech presents a real opportunity for the insurance industry. FinTech: What is it and who’s doing it? FinTech is the term used to describe technology startup companies in the financial services industry (which includes insurance). FinTech companies provide services in all areas of financial services, including payments, peer-to-peer lending, crowd funding, investment advice, blockchain technology, capital markets and insurance. FinTech is not just a buzzword; it is truly changing the landscape of the financial services sector. Just as Uber and Airbnb have resulted in changing consumer attitudes to taking taxis and booking hotels, FinTech will change the way consumers use financial services, including insurance. There are many examples of leading FinTech companies. Here are just a few: ■ Stockpile – A company that has revolutionised the investment world through selling gift cards that are redeemable for shares. ■ Acorns – A financial services company that automatically invests a customer’s small change by rounding up every transaction to the nearest dollar and investing the change into a diversified portfolio that is in line with the customer’s investment goals and risk profile. ■ Fastacash – A global social payments platform that allows users to transfer value (such as money) through social networks and messaging platforms. ■ goHenry – A company that provides a pre-paid debit card and app with unique parental controls, enabling children to spend safely in the increasingly cashless and digital world. Parents can set up automatic pocket money payments or make one-off transfers into their child’s account, as well as set the rules for spending and spending limits. There aren’t nearly as many examples of FinTech companies that have ventured into the area of insurance, which is perhaps surprising given that the insurance industry comprises approximately a quarter of the whole financial services sector. However, there is a general consensus that there will be increasing infiltration of the insurance sector by FinTech startups. In the insurance industry, examples of leading FinTech innovators include: ■ Knip – A digital insurance manager that provides users with an overview and analysis of existing insurance policies and is designed to automatically detect insurance gaps and recommend essential insurance. ■ Friendsurance – A company that brings peer-to-peer finances to the insurance sector. It allows small groups of people to anonymously combine their premiums and, if no claims are made, up to 40% of premiums will be returned. ■ PolicyGenius – A highly tailored insurance checkup platform, where users can discover gaps in their coverage and review solutions for their exact needs. ■ ZhongAn – Rated as number 1 in KPMG’s “FinTech 100” Leading Global FinTech Innovators Report 2015, ZhongAn (a joint venture between an e-commerce company, an online gaming and social networking company and Ping An FINTECH AND THE INSURANCE INDUSTRY THE FINTECH REVOLUTION WHAT IT MEANS FOR THE INSURANCE INDUSTRY 10 | DLA Piper Insurance Review – May 2016 Insurance) is an online property insurance company that uses big data technology to assist with product design, automatic underwriting, auto claims, precision marketing and risk management. Investment in and support for FinTech startups There is increasing support from the government for FinTech innovation. The New South Wales (NSW) Government supports Stone & Chalk, the not-for-profit FinTech hub that opened in Sydney in March 2015. The federal government recently released its Innovation Statement, a AU$1.1 billion package designed to boost economic growth and jobs through driving an “innovation boom”. The package provides investors in start-ups with a 20% tax offset and capital gains tax exemption. In addition, Australian Securities Investment Commission (ASIC) is providing support to FinTech startups through its Innovation Hub, which has the objective of helping FinTech startups to navigate the Australian regulatory system. This level of support from the government will assist in driving innovation, as will involvement and investment from large well-established companies in the financial services industry including banks and insurers. It has been said that “FinTech is so much larger than just the banks, and involvement by insurance companies, retailers, industry bodies, etc would go a long way towards accelerating innovation even further” (Fran Foo, “FinTech start-ups become hot property”, The Australian, 14 April 2015). How are things changing in the insurance industry and what does the future hold? We are already seeing FinTech startups in the insurance industry, and we can expect to see disruption in the industry in the future. Insurers can minimise the risk of disruption through collaborating with startups, partnering with third parties, for example technology companies, and creating innovation from within. We are already starting to see significant developments taking place in the industry and we expect there will be rapid development in these areas over the next few years. Here are some examples: ■ The Internet of Things – The use of internet-connected devices such as smartphones, personal wearable devices such as Apple watches and Fitbits, connected car devices and connected home devices by insurers in order to access new datasets will be more widely adopted. This has the potential to revolutionise the insurance industry. It will give insurers the ability to personalise insurance in a way that has not been possible in the past, by assessing risk and pricing insurance based on actual behavioural patterns rather than probabilities. For example, health insurers and life insurers may make use of Apple watches and Fitbits to access personalised data about an individual’s lifestyle and risk of illness or injury. Similarly, the use of telematics (such as telecommunication devices) enables motor vehicle insurers to monitor a driver’s behaviour and price premiums according to the risk. We can expect the use of such devices to extend to other areas of insurance, although the extent of this will depend on the willingness of insureds to share this personal data. ■ The use and challenges of “big data” – Insurers have been accumulating vast amounts of data for many years, but the rate at which data is now growing is unprecedented. This presents both opportunities and challenges. If big data is used effectively, it has the potential to drive growth and innovation and gain a competitive edge. At the same time, this presents challenges. One challenge faced by insurers is how to effectively and efficiently analyse and make use of the ever increasing data available to their advantage. The use of big data also brings with it the difficulties and challenges associated with protecting data, such as complying with privacy laws, protecting personal data and cybersecurity risks. ■ Changing consumer expectations – Digital technologies have resulted in consumer attitudes and expectations changing. Consumers are increasingly better connected and better informed. With easy access to policy comparison websites, consumers and businesses are less reliant on intermediaries and loyalty is declining. Consumers and businesses will be very receptive to new ways of doing things, which presents insurers with the opportunity to drive the change that consumers seek. There’s a lot happening in the insurance industry now and we will see many developments in the next five to ten years. Changes happen quickly and for those that drive the changes and innovation, there will be many opportunities. In addition, there will also be a continuing impact on the intermediary sector due to online access to insurance. Brokers will have to continue to innovate to stay in the game. With the potential for so much change, it’s an exciting time to be part of the insurance industry. Sarah Fountain Senior Associate T +61 9274 5256 firstname.lastname@example.org 1 J Eyers, “World Economic Forum says FinTech is here to stay and don’t forget insurance”, Australian Financial Review, 6 July 2015. www.insuranceflashlight.com | 11 SUMMARY Last year, the Australian construction sector was marked by a number of features: ■ the sector continued to move its focus away from engineering construction for major resources and energy projects towards commercial, residential and social infrastructure construction (stadia, hospitals, roads and the like); ■ the increasing appetite for sector participants to access the security of payments adjudication regimes in order to maintain cashflow; and ■ the appreciable fall in commodities prices (particularly iron ore) has heightened fears of insolvency events, even among established industry participants including principals. These features have contributed to a renewed focus on the quality and availability of security provided by contractors under construction contracts. Principals require contractors to provide security under construction contracts in order to secure the performance of the contractor’s obligations, particularly in the event of the contractor’s insolvency. Traditionally, security was provided in order to protect the principal from the damage actually suffered where the contractor breached its obligations. However, in recent times security has been used to secure the principal’s position in the event of a dispute as to whether the contractor has breached its obligations. 2015 saw a series of cases which provide valuable insight into the current attitudes of the Australian Courts as to the role of security held under construction contracts. The three cases discussed below, Yuanda Australia Pty Ltd v John Holland Pty Ltd  WASC 453, Duro Felguera Australia Pty Ltd v Samsung C&T Corporation and Ors  WASC 484, and Fabtech Australia Pty Ltd v Laing O’Rourke Australia Construction Pty Ltd  FCA 1371 all concerned whether interlocutory injunctions should be imposed to restrain principals from having recourse to securities until the substantive hearing of disputes arising under construction contracts. Further cases considering the role of security in the construction context included Best Tech & Engineering Ltd v Samsung C&T Corporation (No 2)  WASC 447, Sugar Australia Pty Ltd v Lend Lease Services Pty Ltd  VSCA 98 and Saipem Australia Pty Ltd v GLNG Operations Pty Ltd (No 2)  QSC 173. The clear message from these cases is that the Courts will not restrain the conversion of security provided that: ■ the terms of the security clause can be clearly construed; and ■ the Court can satisfy itself as to the propriety of the conversion. The Courts emphasised that in addition to the traditional security function, a security clause can also play an important role in allocating risk between the parties under a contract. Where the construction of the security clause provides for risk allocation pending dispute resolution then, absent compelling reasons, the agreed risk allocation should not be changed even on an interim basis. The fact that a contractor willingly agrees to assume this risk weighs heavily in favour of the principal being able to exercise its entitlement to the security. CONSTRUCTION WHAT HAPPENS WHEN THE MUSIC STOPS? ACCESSING SECURITY UNDER CONSTRUCTION CONTRACTS 12 | DLA Piper Insurance Review – May 2016 The message for insurers and financial institutions issuing security (whether in the form of performance bonds, guarantees or the like) is to know the terms on which your customer contracts and to know who your customer contracts with. Both have a significant influence on the prospects of the security being called upon. YUANDA V JOHN HOLLAND John Holland engaged Yuanda to design and install the façade of the New Children’s Hospital in Perth. John Holland alleged that Yuanda’s work was defective and required replacement, at a cost exceeding the value of the security provided under the contract and an entitlement to liquidated damages for delay. After notifying Yuanda of its intention to call on the security, on 17 November 2015, an officer of John Holland attended the Sydney branch of the guarantor to convert the security to cash. Yuanda’s solicitors sought an injunction the following day to restrain John Holland from taking any further action to apply the moneys to any alleged costs, expenses or damage suffered. Yuanda contended that the security clause contained an implied term that John Holland not convert the bank guarantees to cash except to pay for costs, expenses or damage suffered as a result of a breach which required John Holland to make a claim for breach to Yuanda. The Court rejected Yuanda’s argument on the basis that this approach was inconsistent with the clause’s clear purpose to allocate risk between the parties in the event of a dispute, because the clause provided that the security could be converted into cash “at any time.” The Court also decided that they were able to dismiss Yuanda’s claim without taking a view on the proper construction of the security clause as there was no evidence that John Holland had converted the security for any unauthorised purpose. Indeed, there was clear evidence of the defective nature of the facade and the delay in completing the contract works. As such, Yuanda failed to establish a prima facie case in favour of the grant of an injunction. Finally, the Court decided that the balance of convenience would not favour the grant of an injunction in any event, as Yuanda failed to properly show any irreparable injury for which damages would be an inappropriate remedy if an injunction was not granted. Denying John Holland the benefit of the risk allocation in the security clause by granting relief was “a powerful consideration against the grant of interlocutory injunctive relief.” DURO FELGUERA V SAMSUNG This case confirms that undertaking contractual construction is paramount to determining the conditions precedent to entitlement to recourse to the security, followed by a careful consideration of the evidence to determine whether the principal has complied with those conditions. Duro Felguera and Forge, through an unincorporated joint venture, entered into a contract with Samsung whereby they agreed to provide engineering, procurement, construction and commissioning for the Roy Hill Iron Ore Project. Duro and Forge as the “Subcontractor” were jointly and severally liable to Samsung for all of the Subcontractor’s rights and obligations. Duro and Forge were required to provide security for performance to Samsung in the form of bank bonds, which were issued by CGU Insurance and AIG Australia. The contract provided that if an administrator was appointed to either Duro or Forge, Samsung could terminate the Subcontract. An administrator was appointed to Forge on 11 February 2014 and Samsung subsequently terminated the Subcontract on the 21 February 2014. Duro wished to continue to provide services to Samsung and entered into a new contract with Samsung for a portion of the remaining works. On 3 November 2015, Samsung made a demand on the securities issued by AIG and CGU. An ex parte interim injunction was granted in favour of Duro to restrain Samsung from calling on the securities. Duro applied for an interlocutory injunction to restrain Samsung from calling on the securities and also to restrain CGU and AIG from paying any amounts to Samsung. Duro argued that Samsung’s entitlement to call on the security had expired and did not continue under the subsequent term sheet agreed between Duro and Samsung, and alternatively that Samsung had not formed the requisite bona fide consideration that it was entitled to recourse to the security. The Court found for Samsung on both matters of construction. First, the Court found that Samsung’s interpretation of the original Subcontract and subsequent term sheet was a more “business like” construction than that offered by Duro, and the expiry of the security under the Subcontract was extended. Second, the Court found that Samsung was not required by the terms of the contract to give notice to Duro that it considered that it was entitled to have recourse to the security. In any event, there was no evidence suggesting that Samsung was not acting bona fide. www.insuranceflashlight.com | 13 As to the balance of convenience, the Court also observed that the risk that the security will be called upon was a risk that Duro assumed by entering into the Subcontract. The function of the security clause was clearly that Duro should carry the risk in the event of any dispute. If the injunction was to be granted Samsung would be deprived of its right to determine which party is out of pocket until the resolution of the dispute. FABTECH V LAING O’ROURKE Laing O’Rourke engaged Fabtech to supply and install pond liners and leak detection systems for two water treatment ponds in rural in Queensland. On 27 October 2015, Laing O’Rourke notified Fabtech of various claims, including for recovery of overpayments and liquidated damages, for the purposes of recourse to the securities provided under the contract. On 28 October 2015, Fabtech obtained an ex parte interim injunction restraining conversion of the securities. In its submissions at the subsequent hearing at which Laing O’Rourke was present, Fabtech relied upon four grounds to support its argument that it had a prima facie case for the grant of an injunction, including that in seeking to call on the securities, Laing O’Rourke would be engaging in unconscionable conduct or acting in breach of an implied contractual obligation to act in good faith. The Court decided that it was plainly clear on the wording of the security clause that Laing O’Rourke could have recourse to securities whenever it claimed to be entitled to payment of monies by Fabtech. Accordingly, the security clause was intended to operate as a risk allocation device as to which party would be out of pocked in the event of a dispute. The Court also observed that there was no express requirement that Laing O’Rourke act reasonably when having recourse to the security. The Court emphasised that where a security clause is clearly designed to allocate risk, establishing that the principal is acting unconscionably or in breach of an obligation to act in good faith is extremely difficult. For such an argument to succeed, the conduct would need to be extreme and almost merge into bad faith exercises of the power. Whilst the Court was not prepared to find that Fabtech had a prima facie case for an injunction, the Court nonetheless considered the balance of convenience and noted that the award of an injunction would “defeat an important purpose, if not the most important purpose”, of the securities, namely the risk allocation function. COMMENTARY These cases provide an insight into the manner in which principals are exercising contractual rights to security held under construction contracts in the present economic environment. They also demonstrate that Courts will uphold clearly drafted security clauses in order to protect the rights of the principal, but will scrutinise the construction of the clause and the evidence to ensure that principals have complied with relevant pre-conditions. The cases also highlight that where the security clause clearly serves a function of risk allocation in the event of the dispute, this will give further strength to the case of the principal seeking to enforce the security. A final point to observe is that the prevalence of cases suggests that principals appear to be using security more aggressively over their contractors as a form of private payment claim. This may reflect the fact that the payment claim adjudication system is seen to be “pro-contractor”, and a contractual mechanism of security held under construction contracts provides a means for principals to level the playing field of cash flow risk in the event of a dispute. Matthew Roberts Solicitor T +61 8 6467 6092 email@example.com Richard Edwards Partner T +61 8 6467 6244 firstname.lastname@example.org 14 | DLA Piper Insurance Review – May 2016 CYBER EXPOSURE OF THE BANKING & FINANCE INDUSTRY Cyber incidents and their fall out continued to make more headlines in the past year across a broad range of industries and businesses. It’s no surprise then, that larger corporates and financial institutions are becoming increasingly aware of their and, significantly, their customers’ cyber risks. 65% of banking executives surveyed in a 2015 risk management study expect cyber risks to increase. The exposure of banks came to sharp focus in early 2015, when security firm Kaspersky uncovered one of the largest cyber crimes in history that directly targeted banks. They discovered that cyber criminals had gained access to bank systems via spear phishing attacks on employee systems and the installation of Malware, known as Carbanak. Through the attack, the criminals were able to infiltrate banking systems and mimic bank staff conduct to withdraw up to an estimated US$1 billion over the course of about two years. The attack was highly sophisticated, with each withdrawal being orchestrated over a number of months and across numerous countries, including Australia, Brazil, Bulgaria, Canada, China, Czech Republic, France, Germany, Hong Kong, Iceland, India, Ireland, Morocco, Nepal, Norway, Pakistan, Poland, Romania, Russia, Spain, Switzerland, Taiwan, the United Kingdom, Ukraine and the United States. The banking and finance industry also had to deal with the impact of other cyber incidents, notably the Target attack. Millions of Target’s customer base were asked to cancel credit cards and change passwords due to the extraction of millions of customer account records held by Target. Ratings agencies are taking notice. Standard & Poors recently indicated it may downgrade their ratings on banks that suffered a cyber incident that caused reputational damage or did not appear ready to handle a cyber incident (before a breach has occurred). Moody’s have also indicated they will examine the duration and severity of a cyber incident to determine its credit impact, making cyber security a higher priority in its credit analysis. INSURING ON CYBER PROTECTION – ENHANCING THE FIRST LINE OF DEFENCE CYBER www.insuranceflashlight.com | 15 ENHANCING CYBER PROTECTION – GETTING THE BASICS RIGHT Given their exposure, it is no surprise that the banking and finance industry are leaders in cyber protection. We have identified below key protection measures that, in our experience, have been implemented across the industry and can benefit all businesses. No company is immune to a cyber incident. However, and critically relevant for insureds and insurers, many of these measures can significantly mitigate the damage caused by a cyber incident. This, in turn, will limit the quantum of potential claims under cyber policies. As always, cyber insurance is just one measure to be adopted – but it is the last line of defence. Before a company can implement effective cyber protection measures, it needs to identify and assess its internal and external risk factors. This requires an audit of all aspects of a company’s business, particularly its data collection, regulation, security and customer and vendor management. Thereafter, the measures discussed below should be considered. ■ Implement, maintain and update IT security policies and procedures, personnel policies and device level policies These policies and procedures (particularly the inculcation and operationalisation of these within an organisation) are an essential part of ensuring that cyber risks are considered and measures implemented to mitigate these risks. It is impossible to over emphasise the importance of reviewing and updating these policies on an ongoing basis – given the rapidly changing nature of the threat environment and the increasingly sophisticated methods used by cyber attackers, what constitutes “best practice” approaches and procedures can change in a matter of days and weeks, not months or years. ■ Develop and implement effective compliance training and personnel education processes It is important to foster an environment in which the importance of effective data management and security is understood, and implementing ongoing monitoring of compliance with policies and attendance at training. “Social engineering”, the exploitation of the human element of organisations, is one of the key methods used by attackers to perpetrate an attacks (this includes techniques like phishing and impersonation). SocialEngineer, Inc, a company that helps organisations learn how to combat and mitigate the effects of malicious social engineering, has reported that social engineering is used in over 66% of all cyber attacks. It is therefore critical to ensure that personnel are educated about how they can assist in protecting their organisation against cyber attacks, and that their compliance with mandated policies and processes is monitored and regularly reinforced through compulsory training. ■ Enhance vendor management processes Organisations need to understand the interconnected nature of cyber risks. A key risk area that has been targeted in many high profile incidents is the connections between organisations and their external vendors. This extends beyond IT vendors – the initial point for entry for the Target credit card attack in 2013 was a heating, ventilation and cooling (HVAC) system provided by a third party vendor. An organisation should develop, implement and maintain: – strong and effective governance of vendor security, which includes gateway reviews, mandatory security requirements built into contracts, and the exercise of audit rights being exercised on a regular basis to periodically confirm compliance; – policies, systems (including technologies) and processes to ensure that any third party providers of infrastructure services cannot access information stored on or passing through that infrastructure unless authorised; and – offshoring and/or outsourcing policies and standards to which the organisation has reference when engaging external vendors. ■ Develop incident response plans for specific data breach or security issues and a process for periodic review and updating of the plan The implementation of a comprehensive and tested incident response plan is critical to effectively manage a cyber incident. They should cover: – the composition of an incident response team and protocols for communicating amongst the team (which must take place through off-band communication channels, given the risk that the security of on-band channels has been compromised); – processes and protocols for communicating information to stock markets, relevant regulators, law enforcement bodies, insurers, affected individuals and the media; – processes and procedures for analysing the attached and preserving evidence of it; and – implementing recovery and business continuity plans (see further below). 16 | DLA Piper Insurance Review – May 2016 The incident response procedures must be regularly tested and updated, particularly after any significant changes to business operations occur. A post incident review must also be performed and documented following any significant security incident. ■ Develop, implement and regularly test and update business continuity plans and disaster recovery plans and facilities Cyber extortion is on the rise and organisations must be prepared to face the encryption of, denial of access to or deletion of, critical data and systems. This has the potential to cripple many organisations. Business continuity and disaster recovery plans that can be implemented during a cyber incident are critical to minimising the operational effects on the affected organisation. Further, the preservation of evidence is required as part of any claim under insurance policies and/ or law enforcement investigations, which may require impacted systems to remain offline for a period. ■ Test and update technologies and systems used An area of obvious enhancement is within an organisation’s own systems and technologies. The inherent levels of security within an organisation’s deployed systems need to be regularly monitored, tested and updated. This includes: – the IT architecture, systems security and IT access systems security in place; – use of data loss prevention, intrusion detection, data exfiltration prevention and other relevant security monitoring and management systems; – security testing processes such as penetration testing, vulnerability assessments, social engineering testing, including independent third party testers/reviewers (e.g. a “white hat” provider to undertake efforts to obtain access to its systems). Vulnerabilities identified must then be subjected to further review/removal; – use of virus detection software which is continually updated as recommended by the vendor; – where relevant, network segmentation, segregation and separation; – security processes which automatically identify potential misuse/unauthorised use of data; and – data back-up cycles which limit the impact of data becoming corrupted or encrypted by outside actors (and where such backed up data is also tested). THE BENEFITS FOR INSURERS AND INSUREDS The above measures are not new, but are fundamental to developing sufficient cyber protection within an organisation. They also greatly assist in reducing the loss suffered from a cyber incident. It is therefore beneficial to both insurers and insureds for these measures to be properly implemented. In this respect, insurers may be able to assist in the widespread deployment of these measures. As part of the proposal process, insurers can ask prospective insureds to provide details of the measures they have taken in developing their cyber protection. This will both highlight these matters to insureds and assist insurers to identify riskier insureds and price accordingly. Insurers may also be able to, in conjunction with their partnered providers, offer “value add” services to insureds, especially those identified as high risk to assist them in developing their cyber protection while also reducing the prospect and quantum of future claims. Looking forward, we expect these cyber protection measures to be widespread. Insurers, with the assistance of their preferred service providers, can help lead the charge in enhancing the first line of defence. This will, of course, be to the benefit of both insureds and insurers. Nicholas Boyle Senior Associate T +61 2 9286 8479 email@example.com www.insuranceflashlight.com | 17 DEVELOPMENTS IN DEFAMATION LAW THE YEAR OF THE TWEET During the last year, defamation law was dominated by emergent technologies, and in particular the continued explosion of new social media platforms. The Courts continued to grapple with reconciling Uniform Defamation legislation, introduced before the advent of many new technologies, with the raft of cases involving the inappropriate use of social media. The high profile decision involving former Australian Treasurer Joe Hockey saw calls in numerous quarters for legislative reform of defamation law, including that it be simplified to allow it to keep pace with the technological advances1 . Importantly, the decisions also emphasize that defamation law remains complex and costly, and that using the Courts to assign dollar figures remains a fairly blunt tool for remedying bruised feelings. TROUBLE IN UNDER 140 CHARACTERS: THE POWER OF THE TWEET Twitter is a social media platform allowing tweets of 140 characters or less. Given their necessary brevity, tweets often lack context, and this was a key issue in the high profile case of Joe Hockey v Fairfax. The case also highlighted the pitfalls of posting promotional material on social media. In 2015, the former treasurer became the first Australian politician to win a defamation case over a tweet. In the proceeding, Mr Hockey alleged that Fairfax had defamed him in newspaper articles, tweets and advertising signs and placards. The underlying allegation was that Mr Hockey was providing privileged access to a select group in return for donations to the Liberal party. The first tweet said “Treasurer Hockey for sale” and hyperlinked to Fairfax’s story. The second tweet said “Treasurer for Sale: Joe Hockey offers privileged access” and contained a summary of the contents of the article. Justice White of the Federal Court found that the articles published in various newspapers were not defamatory, but that two Twitter posts by The Age were. He found that despite containing the hyperlink, the tweets were discrete publications, which should be considered in isolation, as there was no guarantee that readers would “click-through” to review the hyperlinked material. Specifically, His Honour said that some people may read the tweet “without going further.” Accordingly, the tweets were found to be defamatory, even though the articles were not. Ultimately, Mr Hockey was awarded AU$200,000 in damages. However, notably, Fairfax was only ordered to pay 15% of Mr Hockey’s legal costs given that of all the various publications complained of, only the tweets were considered defamatory, and as a result, was somewhat of a pyrrhic victory. The prohibitive legal costs of litigating defamation actions remain a powerful deterrent to would be plaintiffs. TELL HIM HE’S DREAMING The Australian cult movie classic “The Castle”, featuring the bumbling and incompetent solicitor Dennis Denuto, featured in a decision of the Queensland District Court. In Smith v Lucht  QDC 325, the plaintiff Smith, a solicitor of 36 years’ standing, commenced 1 Sources include: http://theconversation.com/hockey-v-fairfax-should-start-the-debate-on-defamation-law-reform-44012. Specific reference is also made to comments of Press Council Chair David Weisbrot, and as quoted in the above article (and referred to in the opening paragraph). 18 | DLA Piper Insurance Review – May 2016 defamation proceedings against Mr Lucht, former husband of his daughter in law, after he referred to him as “Dennis Denuto”. The references were made in an email to his daughter in law in early 2013, and again in two conversations with Mr Smith’s family later that same year. For the benefit of those who have not seen the film, or Mr Denuto’s eloquent oral submissions on “the vibe” of the Australian Constitution, Judge Moynihan described Dennis Denuto as “likeable and well-intentioned, but inexperienced in matters of constitutional law and not qualified to appear in person in ligation of that nature”. Mr Smith claimed AU$250,000 in damages. The Court dismissed the claim, finding that the nature of the imputations did not lead to the solicitor “sustaining harm.” It was also relevant that the initial publication was confined to two members of his family, with whom he was having a dispute. It was relevant that they were able to make their own assessment of the imputation, and, the statements were not made, intended or likely to be published by Lucht beyond the two family members. It was not a relevant consideration that there was subsequent media interest in the matter, as this was not part of the initial publication. Accordingly, the case was dismissed. There was also a sting in the tail of the judgment for Mr Smith, as he had failed to accept various apologies and settlement offers made by Mr Lucht, and accordingly, was ordered to pay costs on an indemnity basis. “KEYBOARD WARRIORS” AND THE DANGERS OF SOCIAL MEDIA The Victorian Supreme Court decision of Gluyas v Canby  VSC 11, concerned a war of words between two bloggers, one based in Australia, and the other in the US. The plaintiff was Philip Gluyas, a 49 year old Ballarat based pensioner, and country junior football umpire. Gluyas, alleged that Oliver Canby, a US resident, had defamed him in a series of blog posts on his blog “Autism is Bad”. Specifically, Canby accused Mr Gluyas of being a sexual deviant and a paedophile who preyed on young football players. Mr Gluyas, who was unrepresented (save for a duty barrister at trial), was no stranger to defamation suits, having previously litigated against US based residents in both the Supreme and County Courts. Mr Canby, did not attend the trial or have legal representation, and accordingly, the case against him was undefended. In its judgment, the Court noted that the blog posts were viewed by only a very small number of people. Notwithstanding the small ambit of the publication, the Court was conscious of the “grapevine effect” and that the publication may be picked up and re-published via online search engines. Given the serious nature of the defamatory imputations, the Court held that Gluyas was entitled to an award of damages to vindicate his reputation and standing, and ordered Canby to pay AU$50,000 in damages, plus interest. The Court also considered that Canby failing to remove some of the publications constituted aggravating conduct. Had the parties been legally represented, the legal costs would certainly have overwhelmed the ultimate damages award. WHERE TO FROM HERE? Last year saw a raft of defamation cases arising out of social media both issued and litigated, and social media, and Twitter in particular, featured heavily. The plethora of popular ‘conversational’ social media forums is effectively rendering many private conversations public. What may previously have been the subject of a dinner party conversation between friends, may now end up published to the world at large through online activity. The ease of publication, and its effectively instantaneous (global) reach is a volatile combination, and one which is likely to play out in the Courts, and significantly, in the defamation context. Despite the explosive proliferation of social media platforms and associated ‘publications’ occurring as a result, the cost of commencing defamation actions nonetheless remains a significant barrier to most ordinary Australians, unless privately funded or self-represented. Benjamin Hine Solicitor T +61 3 9274 5035 firstname.lastname@example.org Natasha Stojanovich Senior Associate T +61 3 9274 5869 email@example.com Madhavi Lingam Solicitor T +61 3 9274 5462 firstname.lastname@example.org www.insuranceflashlight.com | 19 The past few years have seen multiple “privacy insurance” policies come on to the Australian market, with policies tailored to the needs of both SMEs and large corporates. The healthcare sector is at particular risk of privacy breaches and resultant regulatory action and claims, but it is not clear that this has led to an increased uptake of privacy insurance policies in the sector. Insureds operating in the health sector tend to hold highlysensitive personal information. They are also subject to onerous regulation. Their employees, however, fear that their privacy protections are not up to the task. A 2010 US benchmark study on patient privacy and data security by Ponemon Institute found the three key causes for privacy breaches were: ■ Unintentional employee action; ■ Lost or stolen computing devices; and ■ Third-party errors. When staff of healthcare providers were interviewed, they considered that a majority of their employers did not have sufficient resources to enable the security of patient records (71%) nor sufficient policies and procedures to protect health information (69%). Additionally, more than half of the staff had little or no confidence in their ability to correctly secure patient records (58%). These concerns will only grow as trends common across all industries (computerisation, cloud storage, a desire by consumers for portability of their information) are affecting the health sector. This article aims to highlight some of the privacy issues raised in recent cases and incidents in the health sector. UNAUTHORISED DISCLOSURES OF INFORMATION ‘EZ’ and ‘EY’  AICmr 23 Mr Z, a patient of Dr Y, contacted his local police station in November 2006 to report harassment and damage to his property as part of an ongoing neighbourhood dispute. Sergeant X attended the scene and reported that Mr Z to be acting in a highly excited and paranoid manner. Following this incident, Sergeant X contacted Dr Y in December of 2006 to discuss whether, in Dr Z’s opinion, Mr Z was “psychotic.” As recorded by Sergeant X, Dr Y advised that “it was possible, but further assessment was PRIVACY PRIVACY CONCERNS IN THE HEALTHCARE SECTOR 20 | DLA Piper Insurance Review – May 2016 needed.” Mr Z became aware of this conversation and lodged a formal complaint under section 36 of the Privacy Act 1988 (Cth) (Privacy Act) in relation to Dr Y’s conduct. In particular, Mr Z alleged Dr Y had interfered with his privacy by: ■ Improperly disclosing personal information from Mr Z’s medical records to Sergeant X; ■ Disclosing inaccurate personal information to Sergeant X; and ■ Failing to have adequate security safeguards to protect his personal information from improper disclosure. The Australian Information Commissioner opened an investigation into Mr Z’s allegations on 29 May 2012. The matter was later decided under section 52 of the Privacy Act. The Commissioner found that Dr Y had interfered with Mr Z’s privacy and failed to take reasonable steps to protect his personal information. Dr Y had not sought to question the police on why they sought her views, or to take into consideration the obligations imposed on health providers by their professional regulator. The Commissioner found in favour of Dr Y in one respect, finding that the information disclosed had been accurate. Dr Y was ordered by the Commissioner to apologise to Mr Z and pay AU$6,500. for the loss caused by the interference with Mr Z’s privacy. INSURING AGAINST INTERNAL & EXTERNAL SECURITY BREACHES Citizens Bank of Pennsylvania v. Reimbursement Technologies, Inc., 609 Fed.Appx. 88 C.A.3.Pa.,2015 Citizens Bank of Pennsylvania (the Bank) sued Reimbursement Technologies (RT), a doctors’ billing and financial management company, and Leah Brown, a RT employee, in the United States (US) Federal Court for losses related to fraudulent withdrawals from customers’ bank accounts. The Bank alleged that certain RT employees and agents, including Ms Brown, accessed non-public financial information of patients of RT’s doctor clients and provided it to a third-party “organised fraud-ring.” As a result, it was claimed, the ring illegally withdrew money from Citizens’ customers’ accounts from branches in six different US states. The Bank re-credited its customers’ accounts for the amounts withdrawn and calculated a total loss of at least US$390,000. Citizens claimed RT was liable for its losses on the basis that RT had violated health privacy principles in the Health Insurance Portability and Accountability Act (HIPAA). Pointing to HIPAA’s stated purpose to “improve portability and continuity of health insurance coverage”, the Court rejected the suggestion that HIPAA was in any way intended to protect patients’ banks from possible financial fraud. The Court also found that RT did not owe a duty of care to the bank, that it had not been negligent and was not liable for fraud. ANTHEM INC – SECURITY BREACH In February 2015, Anthem Inc, the second-largest US provider of health insurance, had its secure databases invaded by unknown hackers. Much personal information was stolen. As a result of the breach, 78.8 million customers of Anthem were involuntarily put at risk of identity theft. Several federal and state authorities have since sought to investigate the company’s security systems and its response to the wider community. The attack has been costly to Anthem from both a reputational and commercial standpoint. In particular, Anthem was obliged to enlist another company to provide a two-year, free-of-charge identity theft repair and credit monitoring service to all its clients. CONCLUSION Insureds in the health sector have onerous obligations to their patients. New technologies threaten this obligation, as demonstrated by the above cases, and this will have implications for policy coverage and insurers’ exposure in this space. David Leggatt Co-Head, Insurance Sector Australia T +61 3 9274 5473 email@example.com Summer Dow Senior Associate T +61 2 9286 8053 firstname.lastname@example.org Paul Lamb Senior Associate T +61 3 9274 5222 email@example.com www.insuranceflashlight.com | 21 SUB-SECTORS ASEAN MEMBER COUNTRIES Direct Life Insurance Indonesia, Philippines Direct Non-life Insurance Brunei, Cambodia, Indonesia, Malaysia, Philippines, Singapore and Vietnam Reinsurance and Retrocession Brunei, Cambodia, Indonesia, Malaysia, Philippines, Singapore and Vietnam Insurance Intermediation Cambodia, Malaysia, Indonesia, Philippines, Singapore and Vietnam Services Auxiliary to Insurance Brunei, Cambodia, Indonesia, Malaysia, Philippines, Singapore and Vietnam IMPLEMENTATION OF THE AEC AND THE IMPACT ON THE INSURANCE INDUSTRY – ARE WE READY? The much-anticipated goal was to implement the ASEAN Economic Community (AEC) by 31 December 2015, thereby forming a single market and production base across ASEAN member countries (AMC). The insurance industry will have many opportunities and challenges to overcome as the AMC continue their progress to integrate the market across the ASEAN region. However, with a new AEC Blueprint for 2025, economic integration still seems some way off. THE ASEAN ECONOMIC BLUEPRINT AND THE INSURANCE INDUSTRY In November 2007, the ASEAN leaders adopted the ASEAN Economic Blueprint (Blueprint 2015) to serve as a master plan in guiding the implementation of the AEC by 31 December 2015. At that time, ‘free flow of services’ was one of the five agreed core focus areas in the implementation of a single market. Whilst this deadline has passed, completion of any unfinished measures under Blueprint 2015 before the end of this year is a priority under the subsequent AEC Blueprint 2025. According to Blueprint 2015, there will be substantially no restrictions to ASEAN suppliers in providing services and establishing companies across national borders within the region, subject to domestic regulations. ASEAN Financial Services Sub-sectors Identified for Liberalisation 22 | DLA Piper Insurance Review – May 2016 Blueprint 2015 stipulates that the liberalisation of insurance services would cover four ‘modes’ of supply for the delivery of services in cross-border trade, which consist of: ■ ‘Cross-border supply’ e.g. an insurer based in Singapore writing policies for policy holders based in Indonesia; ■ ‘Consumption abroad’ e.g. a policy holder based in Malaysia travelling to Singapore to buy a policy from an insurer based there; ■ ‘Commercial presence’ e.g. an insurer based in Singapore writing policies in Thailand through the Singapore insurer’s Thai branch or subsidiary; and ■ ‘Presence of natural persons’ e.g. an insurer based in Singapore managing a claim through an employee working in Thailand. The member states have agreed that there should be no restrictions to the first two of these four modes, with exceptions due to bona fide regulatory reasons only, such as public safety, which will be subject to agreement by all ASEAN member countries on a case-by-case basis. Liberalisation of these two modes is still far from complete. The cross-border supply of insurance services and cross-border consumption of insurance services are still widely restricted in the AMC. For the third of these modes, ‘commercial presence’, foreign (ASEAN) equity participation of not less than 70% should be allowed for the services sectors and other market access limitations should be progressively removed, a goal which has not yet been met across the board. Finally, in a move towards the implementation of the last mode, ‘presence of natural persons’, the ASEAN agreement on the Movement of Natural Persons was signed in November 2012 to facilitate the conduct of natural persons engaged in the trading of goods, services, and investment between member states. The scope of this agreement is a limited measure affecting the temporary entry or stay of persons of a member state, into the territory of another member state. This will cover business visitors, intra-company transferees and contract service suppliers, but does not apply to measures regarding residency or employment on a permanent basis. OPPORTUNITIES FOR THE INSURANCE INDUSTRY The ASEAN Economic Blueprints will encourage an increase in cross-border trade within ASEAN, which we anticipate will directly boost demand for commercial lines such as trade-credit, marine and surety insurance business. Insurance penetration rates in ASEAN markets are generally low, less than 6% according to the Swiss Re Sigma Report, 2013. With increasing awareness, low penetration rates and strong economic growth prospects, we would expect the demand for life and accident and health insurance products to grow. We anticipate that the surging digitalisation in ASEAN will change the marketing landscape from the traditional agencies and brokerage models to digital mass-distribution of insurance products. As the insurance industry opens up in ASEAN, there will be the free flow of key skill employees among member states to support growth. The anticipated free movement of key skilled labour would also aid the development of the financial and regulatory framework of the AMC. CHALLENGES TO LIBERALISATION There is no formalised institution, such as the European Commission, to push through reforms and execute agreed policies. The ASEAN Secretariat supports the implementation of ASEAN initiatives. However, the AMC coordinate the efforts to liberalise and reform local markets among themselves with regard to the AEC. As can be expected in emerging markets, the AMC are progressing economically and socially at different rates, reflecting the political, social and operational factors of each member country. There is also no uniform regulatory framework, therefore insurers engaging in cross-border supplies will be subject to market conduct, consumer protection, data privacy, cyber security, and tax laws applicable to the local jurisdiction of each member country. LIBERALISATION OF FOREIGN OWNERSHIP RULES The seven countries (listed in figure 1) that were set for liberalisation across various insurance types by the end of 2015 are likely to have a greater structural backbone, once ASEAN leaders have agreed how, in practice, to proceed with liberalising the insurance industry. For Laos, Myanmar and Thailand, however, specific plans are yet to be developed and therefore full liberalisation of the insurance industry is not likely until nearer 2020. In Indonesia, foreign equity participation is already fairly liberalised. Indonesia permits up to 80% foreign ownership in insurance companies and insurance intermediaries. It is possible to retain foreign ownership beyond 80%, upon a request to the insurance regulator Otoritas Jasa Keuangan (OJK). The OJK will approve applications on a case-by-case basis, subject to certain requirements, including a mandatory need to increase the capital in the company. www.insuranceflashlight.com | 23 The Malaysian insurance industry is open to foreign investors, with a limit of 70% on foreign equity ownership of insurance companies, and no limits on the foreign ownership of Malaysian insurance intermediaries. In Singapore, there is no foreign equity participation limit on Singaporean insurers and insurance intermediaries, providing for a much more liberal market compared to other member countries. Thailand did not specifically commit to the liberalisation of its insurance industry by the milestone date of 31 December 2015, and currently implements one of the more restrictive of the ASEAN regulatory insurance regimes. The foreign investment threshold is low, generally 24.9%, which can be lifted up to 49% with permission from the insurance regulator (The Office of the Insurance Commission). However, a November 2015 proposal indicated that both life and non-life insurance will be removed from the list of businesses for which permission is required for foreign ownership to exceed 50%. This change is due to come into effect at the end of this year. CROSS-BORDER SUPPLY In Indonesia, the cross-border supply of insurance services relating to insured objects in the country through an unlicensed foreign insurer is not allowed, except under limited circumstances where Indonesian insurance providers are either unable or unwilling to provide the coverage. A new state-owned Indonesian reinsurance company however was set up by Presidential Regulation in October 2015, PT Reasuransi Indonesia Utama (or Indonesia Re). The purpose of Indonesia Re is to provide reinsurance capacity to the local Indonesia insurance market. In Singapore, unlicensed foreign insurers, who are not carrying on insurance business in Singapore under a foreign insurer scheme, such as the Lloyd’s Scheme and the Lloyd’s Asia Scheme, may not carry on insurance business in Singapore. Further, Singapore does not permit non-admitted insurers to advertise or promote their insurance products. As the insurance industry shifts to adapt to the digitalisation of the ASEAN markets, particularly with regard to cross-border supply, data privacy regulations and cyber-security laws of each member country may expose the insurance industry to new compliance risks. Equally, it could also present opportunities to the insurance industry as businesses in the region look to mitigate their own cyber-security risks by purchasing cyber-related insurance products. 24 | DLA Piper Insurance Review – May 2016 DATA PRIVACY ISSUES FROM CROSS-BORDER SUPPLY Indonesia, Malaysia, Philippines and Singapore have data protection laws, but the rest of the AMC do not have comprehensive legislations that regulate the processing and protection of personal data. Instead, member states without comprehensive data protection legislation have sectorial regulations with respect to information on certain industries, e.g. usually the telecommunication and financial sectors. Thailand’s Civil and Commercial Code allows an individual to seek compensation if it can be proven that the damage was caused by a wrongful act regarding their personal data. There are also broad provisions in the 2007 Constitution that recognise an individual’s right to privacy. The fact that the application and enforcement of existing data privacy legislation is different among the AMC means that insurers carrying out cross-border supplies will need to navigate through a complex web of data privacy protection provisions. CONSUMPTION ABROAD Whilst the end goal of the AEC is to remove boundaries amongst the AMC, local regulations restrict cross-border marketing of businesses, thereby creating a barrier that hinders the free flow of commerce. In Indonesia, unlicensed foreign insurers are not currently allowed to advertise their business. An Indonesian resident or citizen outside Indonesia may purchase insurance overseas for a temporary or long-term period, but only for the period they are outside of Indonesia. The consumption of insurance services abroad is therefore subject to the residency status of the individual. In Malaysia, foreign insurers may provide insurance services through local brokers, if they are approached outside Malaysia by an approved Malaysian insurance broker to issue life policies for clients in Malaysia. The soliciting and advertising of insurance policies in Malaysia by unlicensed foreign insurers is not permitted, but the consumption of insurance services abroad is allowed, provided the insurance policy is concluded outside of Malaysia. Cross-border consumption of life insurance by Singapore residents is allowed, if such sales do not render the offshore life insurer’s business activity to be carrying on a business in Singapore. COMMERCIAL PRESENCE In Indonesia, foreign insurers wishing to issue insurance policies to Indonesian citizens or residents must establish a local presence, either by setting up a local entity or by acquiring shares in a licensed Indonesian insurance company. Any party wishing to undertake insurance business or provide insurance to property in Indonesia must obtain a licence from the OJK. In Thailand, a non-admitted foreign insurer must be licenced to carry on any insurance business locally, which is a significant restriction on cross-border supply and consumption. A non-admitted foreign insurer is prohibited from marketing direct insurance products and it cannot facilitate insurance contracts, although such restrictions do not apply to reinsurance. Conversely, there are no restrictions on Thai nationals or residents on the purchase of insurance from a non-admitted insurance company. By contrast, in Myanmar, foreign owned insurance entities with a Representative Office set up in accordance with the Myanmar Companies Act 1914 may apply for a license to operate in Myanmar’s special economic zones. A US$30,000 application fee applies for these new licenses. To date, three well-known Japanese insurance companies have been granted temporary licenses to operate for six months within the Thilawi special economic zone under the new initiative, mainly offering non-life insurance products. PRESENCE OF NATURAL PERSONS In order to work in an AMC, expatriates are required to satisfy the local visa requirements of that particular member country. The history, socio-economic and national security concerns affect the immigration and expatriate policies of each AMC. Consequently, immigration and work permit requirements for each AMC vary greatly. In some member countries, such as Indonesia and Malaysia, this process can be very complex and lengthy. Other member countries have a maximum duration of stay for an expatriate as a foreign worker. For instance, there is a maximum duration of two years and three years for completion of employment contracts in Brunei and Vietnam, respectively. An expatriate’s term of work is less clear in Indonesia as it depends on the individual’s expertise and local workforce’s capability; only natural persons who are either ‘directors’ or ‘specialists’ may supply certain, specified, insurance services. www.insuranceflashlight.com | 25 Peter Shelford Country Managing Partner, Thailand Partner, Singapore Co-Chair Insurance Sector, EMEA & Asia Pacific T +66 2 686 8500 firstname.lastname@example.org Robert Tang Consultant, Thailand T +66 2 686 8551 email@example.com THE FUTURE We can see that advances towards the implementation of the AEC are varied among the AMC. Local state regulations remain heavy, particularly in the AEC goal areas of cross-border supply and consumption of insurance services. Although integration had been set to happen before the end of 2015, it has been extended by the AEC Blueprint 2025. It is indeed uncertain when these agreed changes will occur, but it is expected that the integration will occur in the years leading up to 2025. We see that the legislative and regulatory changes already made by the AMC as evidence of a firm commitment to fulfil their obligations under the AEC. To facilitate the implementation of the AEC, what is required from the AMC is convergence of regulatory frameworks, consistency across the region and improvements in prudential standards. However, barriers to achieving those goals still need to be overcome, including: ■ Differences in maturity of regional markets; ■ Protectionist attitudes; and ■ The logistical and language issues that surround the filing of policies on an international scale. What cannot be underestimated is the scale of the opportunities the AEC can offer to the insurance industry, which should open up a market incorporating 10 countries and 600 million people. The harmonisation of regulatory regimes across the ASEAN region could lower costs substantially when it comes to cross-border trade in the insurance industry, as complexity is reduced and efficiency increases. Opportunities in electronic selling as a distribution method are also expected to open up across the region, in line with the AEC’s ‘e-ASEAN’ objective. The deep penetration of tablets and smartphones across the region presents ripe opportunities for e-commerce, which the Asian insurance industry has yet to exploit. The principles of the free movement of persons provided by the AEC should encourage the movement of talent and knowledge across the insurance industry, as well as making further efficiencies possible in the form of outsourcing. It will be advantageous for insurance businesses to have a clear strategy in relation to the upcoming changes, and to be positioned in such a way to take full advantage of the opportunities offered when the time comes. The insurance industry depends on an open trading environment, and the introduction of the AEC should eventually allow insurance businesses to share information and spread risk across a global market place. 26 | DLA Piper Insurance Review – May 2016 ENVIRONMENTAL RISKS DISCLOSURE REQUIREMENTS FOR ENVIRONMENTAL RISKS In 2014, the Principles were amended to include a recommendation that ‘a listed entity should disclose whether it has any material exposure to economic, environmental and social sustainability risks and, if it does, how it manages or intends to manage those risks.’ This addition to the Principles reflects the increasing importance of managing environmental and social risks faced by large companies, particularly those operating across multiple countries with disparate regulatory requirements. 2015 was the first year that these risks were expected to be addressed in Corporate Governance Statements. Looking overseas, where management of environmental risks has developed more rapidly, there are many examples of environmental and social sustainability risks that have come to a head in the past year. Notably, in November 2015 ExxonMobil confirmed that it had been served by the attorney general of New York with a subpoena to produce documents relating to climate change. This suggests the possibility that a regulatory investigation on ExxonMobil’s climate change disclosures is underway and, if so, enforcement action and shareholder litigation could well follow. Some media reports suggest that ExxonMobil was aware of climate change risk as early as the 1970s. Given the fiercely contested nature of findings in climate change science, and ExxonMobil’s duty to its shareholders to generate profit, when should climate change disclosures have been made? What information should the disclosures have contained about the risk? Moreover, what disclosure about how that risk would be managed should have been included, and how could ExxonMobil’s commercial interests have been protected in the course of making those disclosures? These questions, which just scratch the surface, demonstrate the complexities that companies face in reporting environmental and similar risks. Companies are obliged to disclose a risk and how that risk will be managed if there is a real possibility that the entity’s ability to create or preserve value could be substantively impacted if the risk eventuates. The Principles suggest that companies are not required to publish a sustainability report, although many already do, and doing so will likely become standard practice. Applying the Principles and preparing reports will be challenging for boards, and failure to adequately disclose environmental and like risks could have serious implications for directors. Aside from the risk of a securities class action, company directors and officers face the risk of regulatory enforcement action and potential criminal prosecutions. Liability for those risks may not be covered by standard directors and officers (D&O) insurance policies and directors may face exposure to personal liability. Because environmental liabilities are normally criminal offences, they often either do not fall within D&O policy coverage, are subject to an environmental or pollution policy exclusion, or are excluded pursuant to a standard criminal offence exclusion. While pollution and environmental damage are commonly excluded by D&O policies, in some D&O policies the exclusion is not triggered if the claim is a shareholder class action. Similarly, some D&O policies may contain a defence costs extension for shareholder class actions for liability resulting from environmental or pollution based claims. There is nothing new in the notion that companies are required to effectively manage and disclose risks so that investors can make informed investment decisions. Guidance on recognition and management of risk for listed Australian companies is contained in the ASX Corporate Governance Principles (the Principles). www.insuranceflashlight.com | 27 Ultimately, whether a director will be personally liable for environmental liabilities, and whether their D&O insurance policy will respond, will depend on the nature of the offence and the terms of the policy/policies. There are three primary types of liability relevant to environmental offences alleged against directors. The first – direct liability – is only likely to be relevant for small scale businesses where a director has operational involvement and direct knowledge of any environmental risks. The second – accessorial liability – is where, by virtue of acts or omissions, a director is liable as an accessory to an environmental infringement. The third – deemed or derivative liability – arises where a director is liable due to their management position in the company. Unsurprisingly, directors are most likely to be subject to deemed or derivative liability for offences committed by the company, unless they had knowledge or some form of involvement likely to give rise to direct or accessorial liability. When it comes to quantifying the claimed loss, it can be notoriously difficult to quantify an appropriate amount, particularly where environmental or social sustainability issues arise with unknown future consequences. For example, in the case of failure to disclose a company’s material risk of causing an oil spill in the ocean, what would be an appropriate measure of compensation for shareholders? What loss, if any, should be recoverable by shareholders for loss of future profits due to increased compliance requirements or reputational harm? Should shareholders be able to seek recovery of fines issued to the company or its directors for committing environmental offences? Or would those costs be a, preferably avoided, but necessary business cost? These complexities would need to be considered in the context of different layers of coverage and the potential application of different policy wording in multiple layer policies. Further, different arms of a D&O policy respond if there is coverage under side-A or side-B, depending on the nature of the legal action. It will be interesting to see how the potential environmental breaches that have come to light in the past year will be dealt with through regulatory action and shareholder litigation, as well as how insurers will respond to the increasing economic, environmental and social sustainability risks that companies and directors must disclose. In our view, companies are more likely to face regulatory action and shareholder litigation for making late or shallow disclosure of environmental risks. The downfalls of not disclosing risks, particularly risks with genesis in commonly understood phenomena such as climate change, are unlikely to outweigh the disadvantages of disclosing them. However, companies should be careful to only commit to feasible risk management strategies when addressing how to manage a risk. If companies disclose an overly ambitious risk management strategy, shareholders could sue for loss that arises from failure to implement the protective measures. Similarly, directors and officers should bear in mind that even if they have minimal exposure from environmental risks, they can be pursued for environment-related nondisclosures through various legal avenues. Personal liability for claims may vary depending on the particular legal path taken, and the wording of different D&O policies. Therefore, care should be taken when arranging cover to avoid any shortfalls in coverage, especially by those in high-risk environmental industries. David Leggatt Co-Head, Insurance Sector Australia T +61 3 9274 5473 firstname.lastname@example.org Benjamin Hine Solicitor T +61 3 9274 5035 email@example.com 28 | DLA Piper Insurance Review – May 2016 One of the foundations of long-tail liabilities is the duty of care held by these insured parties to their patients, which often does not have a clear endpoint. It can be many years before the harm to a patient crystallises, and years more before a claim is made. This challenging situation is compounded by courts’ decisions, in recent years, to grant extensions of time for plaintiffs to issue proceedings. DUTY OF CARE ISSUES When a patient seeks advice or treatment from a provider, the provider generally assumes a duty of care. This duty is “discharged” only when the provider has taken the reasonable care that the duty requires. There is no hard-and-fast rule about when a duty is discharged and it can be difficult for a provider to prove that this was done. A provider might wish to show there was: ■ Reasonable evidence to infer that the condition had been successfully treated; ■ A reasonable referral of the patient to another provider; ■ Reasonable advice to the patient to take certain steps; ■ The patient rejecting reasonable advice of any sort. The question is not whether the provider’s conduct was effective, for example whether the patient actually re-attended for further treatment, but whether it was reasonable. In the medical malpractice market, institutional and individual health care providers face unique long-tail liabilities. The Courts accept that patients are assumed to be autonomous and therefore have the right to accept or reject advice and treatment. As the NSW Court of Appeal commented in O’Brien v Wheeler  NSWCA 236, the case law: ‘‘... reflects the autonomy of the adult patient, who is regarded as having the right (if properly informed) to decide for himself or herself ... An adult patient who is in a position to make a choice has the right to elect a surgical procedure which the hypothetical ‘reasonable’ person in his or her shoes would avoid, and to refuse a procedure which the hypothetical ‘reasonable’ person in his or her shoes would embrace.’’ ALMARIO V VARIPATIS  NSWCA 76 In this case, a plaintiff sued his general practitioner in 2012, claiming he ought to have been referred to a bariatric surgeon for advice on weight loss surgery at some point between 1997 and 2003. He had not been given this referral and had not lost weight, and had subsequently developed complications of his obesity including cirrhosis of the liver. Relevantly, the plaintiff had failed to act on a previous referral to an obesity clinic and had failed to act on the advice of another doctor to lose weight. The plaintiff established liability at first instance, and the general practitioner (GP) appealed. The NSW Court of Appeal found that the plaintiff had failed to establish that he would have accepted a referral to an obesity clinic or lost weight if he had. The Court commented: MEDICAL INDEMNITY LONG-TAIL LIABILITIES IN THE MEDICAL MALPRACTICE MARKET www.insuranceflashlight.com | 29 ‘‘If the plaintiff refused to take the firm advice of his general practitioner, and of experts to whom he had been referred, there was no breach of duty on the part of a general practitioner in failing to write a further referral. The duty of care stopped short of requiring an exercise in futility.’’ The patient applied to the High Court for special leave to appeal the decision, but it was refused. GRINHAM V TABRO MEATS PTY LTD & ANOR  VSC 491 The patient attended his GP clinic for immunisation against the Q fever virus in 2002. The GP correctly told the patient that, given the results of certain preliminary testing, he could not be vaccinated at that time. She provided the patient with a referral for further testing and asked that he re-attend her in one month’s time. The patient did not take the further test, or re-attend, and the GP took no steps to follow up. Four years later, in 2006, the patient contracted the Q fever virus, which would have been avoided had he been vaccinated. The patient issued proceedings against his employer in 2010. The employer then brought a third party proceeding against the GP. The Court commented that the GP’s duty of care did not cease when the patient left the clinic after the consultation. It said there was an ongoing doctor/patient relationship with a continuing duty until, at least, the time the patient should have re-attended the clinic. The Court needed to determine whether it was reasonable for the GP to not have taken the further step of recalling the patient when he failed to re-attend. Significantly, the Court commented that: ‘‘…the question of advice and recall cannot be determined on a generic basis, it must be context specific: all the circumstances must be considered such as the patient’s symptoms (if any), presentation, potential risk, comprehension of the advice and history of compliance.’’ The Court found that the GP had acted reasonably in the circumstances. It said that the patient understood the advice provided by the GP, including the risk he faced and the need to undergo further testing and re-attend. It was his decision not to do so and the GP had no reason to believe that he would not follow her advice. LIMITATION PERIOD ISSUES Australia’s tort reforms, in around 2003, introduced shorter limitation periods for personal injury claims. The statutes vary from state to state. The trade-off is that, in these claims, the time for a potential plaintiff to bring a claim begins to run from the date he or she knew, or should have known, that injury, loss or death was caused by the defendant, or by some fault on the defendant’s part. If the potential plaintiff still exceeds the limitation period, courts generally have the ability to extend the period. We are seeing a trend with courts becoming more lenient in their interpretation of when the period begins, and in granting extensions. 30 | DLA Piper Insurance Review – May 2016 AME HOSPITALS PTY LTD V DIXON  WASCA 63 The allegations related to the plaintiff’s birth in 2001. The plaintiff suffered cerebral palsy. His father engaged lawyers to advise in relation to the birth. An expert report was commissioned, which found that the care given had been appropriate. The expert did not comment on the cause of the cerebral palsy (and was not asked to do so). A limitation period began to run in 2005 on the passage of new legislation. This period expired in 2011. In May 2012, the father instructed lawyers to obtain another expert report. This new expert report was critical of the care given in 2001, and said that the birth had led to hypoxic ischaemic encephalopathy (HIE), which in turn had caused cerebral palsy. The father sought an extension of time. The relevant legislation turned on the plaintiff (or those bringing the litigation on his/her behalf) knowing that he/she had suffered “injury” and knowing of the “physical cause” of this injury. The father argued that the HIE (rather than the resultant cerebral palsy) was the “injury” or alternatively the “physical cause” of injury. At first instance, the Master hearing the application agreed. He found that the HIE was the injury and that the father had not known about this, or the causative process, until the second report was received. The WA Court of Appeal upheld this decision. An application for special leave to appeal the decision to the High Court was unsuccessful. JONES & ORS V LU & ORS (UNREPORTED, COUNTY COURT OF VICTORIA, WISCHUSEN J, 10 MARCH 2015) In this case, the plaintiff’s wife was treated by the defendants in 2001 and 2002. She died in 2003 from breast cancer, and the gist of the claim was that there had been a missed opportunity to diagnose and treat this. The plaintiff had approached lawyers well before the relevant limitation period expired (in 2006). The Victorian County Court found that inactivity by the plaintiff’s solicitors had led to proceedings not being issued by 2006. Ultimately, these proceedings were not issued until 2012. The plaintiff argued that he had not formed a view, for some time, that his wife’s death was the fault of some or all of the medical practitioners involved. The Court did not accept this, and found he had formed the requisite belief prior to the 2003 death. However, the Court granted the plaintiff an extension, despite the proceedings being brought nearly nine years after the cause of action accrued, an “undoubtedly great” delay. In support of this, the Court found that the delay had not caused any significant prejudice to the defendants. The Court was unwilling to find that the plaintiff could have proceeded against his solicitors instead. CONCLUSION Insurers understand that the continuing nature of a provider’s duty of care may often result in a long-tail liability. This has not been made any easier by the courts seemingly becoming more lenient in granting extensions of time. This does not mean, however, that the Australian medical malpractice market is a high-risk one, and indeed there appears to be a stable claims environment at this time. Paul Lamb Senior Associate T +61 3 9274 52222 firstname.lastname@example.org With thanks to Bianca Parussolo, Solicitor, for her assistance. www.insuranceflashlight.com | 31 Commercial buildings in New Zealand are insured under what is called a Material Damage Policy (also known as an Industrial Special Risks Policy in Australia). Since the Canterbury earthquakes, this policy has come under unprecedented scrutiny by the New Zealand Courts as a result of disputes arising from earthquake claims. The cover for commercial buildings under this policy tends to be similar worldwide and so the New Zealand decisions will become useful precedents for other common law jurisdictions. In this article, we look at two of the most recent decisions. VERO INSURANCE NZ LTD V MORRISON  NZCA 246 The insured’s building was insured for approximately NZ$3.5 million on a per event basis. This means that for each earthquake event potentially NZ$3.5 million was available under the policy. The cover was on an indemnity only basis. This is commonly referred to as ‘old for old’ cover based on depreciation applying. Therefore, the insured was only entitled to the building being restored to its condition immediately before the loss (and not to an as-new condition). The building suffered five earthquake events and the insured made claims for damage caused by each of them. Because the earthquake events occurred in relatively quick succession, little or no actual repairs occurred between them. There was no straightforward way of determining how much damage was caused by each earthquake event. To overcome this, the insured developed a model, which purported to allocate damage to each event. The insurer rejected this model on the basis that there was independent and reliable evidence of the damage from each event in interim reports prepared by loss adjusters and others. The Court of Appeal held that although modelling could provide useful evidence in order to produce practical justice, there were obvious difficulties with this model and the trial judge had placed too much emphasis on it. Contrary to the model, the Court of Appeal found that the final earthquake event in June 2011 had caused little, if any, further damage to the building. A further issue was whether the building was ‘destroyed’ by the February 2011 earthquake event, exhausting the policy at this point. The policy defined ‘destroyed’ as: … so damaged by an insured event that the property, by reason only of that damage, cannot be repaired. The insurer argued the definition contained an implied requirement that the building could not be ‘reasonably’ repaired, which was the case where the cost of repair made repair uneconomic. The Court of Appeal rejected that argument and held that whether a building was destroyed was to be: ‘… informed by considerations which may include any special features of the building, the insured’s intentions for it so far as they are not eccentric or unreasonable, and the respective costs of reinstatement or replacement. On the facts, the building was still functional, it retained some heritage value and repair costs were NZ$7.1 million against replacement costs of NZ$9 million. It was not, therefore, destroyed. The final issue was whether the cost of new piles for the building that were required as part of earthquake strengthening during the repairs were covered. The Court of Appeal agreed with the trial judge that they are not because the building did not have piles before the earthquake and the policy only provided ‘old for old’ cover. PARKIN V VERO INSURANCE NZ LTD  NZHC 1675 The insured’s house was near new and suffered damage in both the September 2010 earthquake and the February 2011 earthquake. The policy contained a basis of settlement clause that paid for the costs actually incurred by the insured to repair the damaged portion of the house, using currently equivalent materials to a ‘when new’ condition. This is commonly referred to as ‘new for old’ cover. The dispute related to what all this meant in a practical sense. The Court held: ■ While it was clear the insured had to incur repair costs before the insurer faced any liability under the policy, this EARTHQUAKE CASES KEEP NEW ZEALAND COURTS BUSY 32 | DLA Piper Insurance Review – May 2016 did not equate to the insured having to spend his own money first. Liability is triggered when he is under a legal obligation to pay the repair costs. ■ The insurer had not broken its duty of utmost good faith by not settling as the insured had requested. In any event, any duty owed by the insurer to the insured arising from the policy came to an end once court proceedings were issued. After that point, the insured’s entitlement to any consequential losses was governed by the High Court Rules. ■ Repairing to the standard of ‘when new’ did not require the insurers to replace rather than repair every single damaged item, even although the house was near new before the earthquakes. The standard of repair required by the policy was to render the fact of damage immaterial. Where an item only had a functional purpose, so long as the repair or replacement restores that functional purpose to a ‘when new’ condition, the policy obligation was met. If there was an aesthetic purpose, the remedial process required is to restore the former aesthetics to a ‘when new’ quality and that might mean that in some situations, replacement was the only option. Despite the 6th anniversary of the first earthquake occurring in September 2016, there is no sign of earthquake related court proceedings being at an end. We expect some further interesting decisions from the New Zealand Courts on the application of the Material Damage Policy and the Business Interruption Policy this year and beyond. Crossley Gates Partner T +64 9 300 3823 email@example.com www.insuranceflashlight.com | 33 Numerous reforms in Australia affecting the insurance industry saw progress throughout last year. Retail life insurance, firm culture and financial services were all targeted in a number of regulatory changes and proposed regulatory changes. THE PENDING REFORM OF THE RETAIL LIFE INSURANCE SECTOR In February 2016, the Federal Government released amendments to the life insurance remuneration arrangements under the Corporations Act. The draft Corporations Amendment (Life Insurance Remuneration Arrangements) Bill 2016 (the Amendment Bill) targets conflicted remuneration for benefits paid on life risk insurance products, to ‘‘better align the interests of consumers and those providing advice.’’ As at 16 March 2016, the Amendment Bill is before the Senate. The Amendment Bill is the product of the Financial Systems Inquiry and a report by Australian Securities Investment Commission (ASIC) into the retail life insurance industry. The report identified a number of concerning trends in the industry in particular the link between the quality of advice and commissions paid to life insurance advisors. The proposed changes further distinguish the retail life insurance market from the general insurance product market. The Amendment Bill provides that benefits paid in relation to life risk insurance products will be subject to the general ban on conflicted remuneration going forward. This is the case until ASIC specifies exemption criteria and the products satisfy those requirements. The proposed requirements relate to allowable commission and clawback arrangements. General insurance products have a general exemption from the conflicted remuneration provisions. The reforms make both allowable commission and clawback requirements precursors to the conflicted remuneration exception. Maximum upfront allowable commissions are proposed and clawback arrangements act to remove incentive to rewrite policies to obtain further commission. The Amendment Bill also facilitates ongoing reporting to ASIC under its existing powers in the Corporations Act which the regulator will use to review the new arrangements in 2018. ASIC has released a consultation paper (CP 245) in response to the Amendment Bill setting out its position regarding industry reforms. ASIC endorses a number of the proposals in the Amendment Bill including restructuring commissions and clawback arrangements. A two year transition period was included in ASIC’s proposal to allow businesses to adapt to the new regime. This position is premised on the strong correlation found by ASIC between high upfront commissions and poor advice. INSURANCE REGULATION UPDATES AND PENDING REFORMS 34 | DLA Piper Insurance Review – May 2016 ASIC has also flagged its intention to undertake informationgathering pursuant to its powers in section 912C of the Corporations Act to require information from life insurers including exited policies, remuneration data and lapse rates. The Amendment Bill likely signals the last significant development arising out of the Future of Financial Advice reforms that commenced in 2010. 2015 SNAPSHOT In October 2015, the Federal Government released its response to the Financial Systems Inquiry adopting the bulk of the 44 recommendations made by the Inquiry. It is expected that the bulk of the reforms in the insurance sector throughout the next year will be a product of the recommendations of the Financial Systems Inquiry. The reforms anticipated may include expanding ASIC’s power to intervene in financial product development and withdraw or modify products from the market that are harmful. It is expected there will be a number of enhancements of ASIC’s powers in the market. A review into the capability of ASIC aimed at considering how ‘‘ASIC uses its current resources and powers to deliver its statutory objectives and assess ASIC’s ability to perform as a capable and transparent regulator’’ is also underway. It was expected the review panel, chaired by Karen Chester, would deliver their report by the end of 2015 but it is yet to be delivered. Once the review is completed, it is expected that draft legislation will be released for consultation addressing ASIC’s powers and other recommendations of the Financial Systems Inquiry. FINALISING OF THE FOFA REFORMS In June 2015, the federal government announced further refinements to the Future of Financial Advice laws (FOFA laws). The regulation introduces technical refinements to target a number of unintended consequences and ensure consistency with other legislation. Other than the changes to the retail life insurance industry it is not anticipated there will be any further significant changes to the FOFA laws. ASIC TO REGULATE CULTURE OF FIRMS In June 2015, ASIC Chairman Greg Medcraft used his address to the Senate Estimates Committee to propose new strategies to target the correlation between poor firm culture and poor conduct in the financial industry. These strategies include the regulation of culture through risk-based surveillance reviews, the implementation of the ‘‘communication, challenge and complacency’’ framework and the ability to pursue officers for civil penalties where culture is responsible for administrative breaches. David Leggatt Co-Head, Insurance Sector Australia T +61 3 9274 5473 firstname.lastname@example.org Samantha O’Brien Co-Head, Insurance Sector Australia T +61 7 3246 4122 email@example.com Sophie Devitt Partner T +61 7 3246 4058 firstname.lastname@example.org www.insuranceflashlight.com | 35 KEY INSURANCE CONTACTS ASIA PACIFIC Peter Shelford Insurance Sector Leader Asia Pacific T +662 686 8533 email@example.com John Goulios Co-Head, Insurance Sector Asia Pacific T + 65 6512 9517 or +61 416 176 279 firstname.lastname@example.org David Leggatt Co-Head, Insurance Sector Australia T +61 3 9274 5473 email@example.com Samantha O’Brien Co-Head, Insurance Sector Australia T +61 7 3246 4122 firstname.lastname@example.org US & THE AMERICAS Michael P. Murphy Global Head, Insurance and Reinsurance T +1 212 335 4755 email@example.com William C. Marcoux Head of Insurance Transactions and Regulation T +1 212 335 4885 firstname.lastname@example.org UK & EMEA Andrew Symons Partner, Insurance and Reinsurance T +44 20 7796 6580 email@example.com Prakash Paran Co-Chair, EMEA Insurance Group T +44 20 7153 7529 firstname.lastname@example.org For more information on our insurance sector, please contact: DLA Piper is a global law firm operating through various separate and distinct legal entities. Further details of these entities can be found at www.dlapiper.com. This publication is intended as a general overview and discussion of the subjects dealt with, and does not create a lawyer-client relationship. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper will accept no responsibility for any actions taken or not taken on the basis of this publication. This may qualify as “Lawyer Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome. Copyright © 2016 DLA Piper. All rights reserved. | MAY16 | 3069752 www.dlapiper.com
Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact email@example.comRegister
Insurance review - May 2016
To view this article you need a PDF viewer such as Adobe Reader.
Popular articles from this firm
If you would like to learn how Lexology can drive your content marketing strategy forward, please email firstname.lastname@example.org.
Related topic hubs
Shell Eastern Petroleum
"I would like to thank the SCCA for this excellent service! The articles included in the newsfeeds are very useful and informative, and the user-friendly format of the newsfeeds means I can quickly glance over the précis in the emails to choose what to zoom in on."