Accounting firms that provide auditing services to banks, as well as other bank service providers, can be centers of influence. Suppose a bank is starting from scratch. Their auditors will inquire about their insurance arrangements. If they haven't been addressed, the auditors might suggest they contact us.

We also hear from other agents who perhaps don't have expertise with financial-institution insurance but would like to work with somebody who does. Often they are customers of a local bank or perhaps a board member. When we work with such agents, we require them to let us make joint presentations to the banks. We also must be the agent of record with our carriers. Perhaps 10% of our business is written with such agents.

When working with local banks, we may write just the directors and officers liability insurance and the financial institution bond, while the local agents continue to write the standard property-casualty coverages, which they are quite qualified to do. Community banks have a strong desire to do business locally, and sometimes resist the idea of taking their business away from a local agent. When we compete only for the specialized coverages, a bank doesn't have to pull the entire account away from its current agent–which makes their decision to do business with us easier.

Going in prepared

Our approach to selling is to research a prospect thoroughly, then schedule a first appointment, at which time we discuss why we would be a good fit for them, based on our findings. Before calling on banks, we use the Internet to look up their financial statements and other information. Much of it is available on banks' own Web sites as well as those of such regulators as the Federal Deposit Insurance Corp. The FDIC site provides quarterly financial information for banks, whether they're publicly traded or not. If they are publicly traded, there's a wealth of additional information in all the regulatory reports banks are required to file.

In our initial appointment, we offer banks a complimentary review of their insurance programs. By obtaining the review and an alternative bid from us, they will gain a much broader understanding of their insurance program, whether they elect to work with us or decide to stay where they are. Our approach leads to a pretty good conversion ratio; we close on about 30% of our quotes.

Our analysis starts with an examination of banks' insurance policies, focusing in particular on the D&O policy and the financial institution bond. No two D&O policies are identical, and it's often possible to find gaps. A few carriers, for instance, do not provide “broad form” entity coverage.

The main purpose of a D&O policy is to cover a financial institution and its executives for claims and litigation brought by customers, regulators and shareholders, among other parties. When you add other coverages, you may erode the executives' protection. Some banks, for instance, add employment practices liability insurance to their D&O policies, rather than buy a separate policy. Small banks with relatively few employees, for instance, sometimes think their EPL exposures are low enough to go that route. Yet I've seen $500,000 awards in employment-practices suits against small banks. That can really erode the D&O limits, so we always recommend a separate EPLI policy. At larger financial institutions, directors sometimes are interested in “side A” D&O coverage, which provides limits for their sole protection.

Having a broad definition of a claim is important. With some D&O policies, the definition is a “written demand” or “administrative proceeding or lawsuit.” In better policies, it's broadened to include oral demands, which can start the clock ticking sooner on deductibles and can get a carrier involved in an incident before it turns into a lawsuit.

We are extremely careful about advising banks on insurance limits. They should pick their own, based on contractual and regulatory requirements, and their own risk tolerance. We do give clients survey information from various bank-related insurance sources, however, to show them the limits their peers are purchasing. In our experience, a bank tends to buy higher limits, regardless of its size, if an attorney sits on its board or if a lawyer is directly involved in its insurance program. For example, one of my clients, a privately owned bank with $400 million in assets, maintains the same $15 million D&O limits as does another client, a publicly owned bank with $3.4 billion in assets. The smaller bank's purchase of higher limits was influenced by a law firm engaged to review its insurance program. It told them to carry $30 million D&O limits. They couldn't afford that (and no carrier would offer it), but they did buy the $15 million limit.

D&O is a top priority for us, both before and after the sale. After we obtain a new account, we ask to speak to the board at least once a year to review and explain its coverage. We call our presentation “D&O 101.” Many D&O policies offered today are purchased on a three-year prepaid basis. Nevertheless, we still conduct annual insurance reviews, because you can't assume nothing will change while a policy is in force.

We also have a thorough discussion with banks about their financial institution bond policies. Check-clearing increasingly is being done electronically, rather than via the exchange of paper checks. Some financial institution bonds exclude some forms of check fraud because of this absence of paper checks. These bond policies must be properly endorsed to extend forgery and alteration coverage to losses arising from “substitute checks.” Customer-initiated wire transfers pose big risk to financial institutions that do not have proper controls to mitigate loss from fraudulent requests. Furthermore, if banks are not in compliance with the conditions set forth in their financial institution bond policies, such losses will be denied, resulting in a hit to the bank's bottom line. We make sure banks understand that their internal policies must jibe with these financial institution bond conditions. The FDIC recently issued a bulletin on the importance of complying with the conditions, which was helpful in getting the word out.

Banks also increasingly are allowing their retail-business clients to use so-called “remote deposit devices,” which enable them to transmit customer receipts to banks electronically, rather than physically bring cash and checks to the bank for deposit. Banks can cover this exposure via a readily available endorsement to the financial institution bond.

It is important for banks to understand a financial institutions bond's exclusions, so they are aware of exposures they must treat in some other manner. One is for credit- and debit-card fraud. Banks historically have self-insured this exposure, although at least one carrier has announced a product to cover it. If banks are not going to buy such coverage, which tends to be expensive, they can turn to third-party fraud-monitoring services, which track card activity and flag atypical transactions.

Financial institution bonds cover some, but not all, types of check fraud. If a bank accepts a cashier's check that turns out to be counterfeit, the loss may not be insured if the cashier's check for any reason is not finally paid. To minimize losses, banks must train tellers to examine such checks carefully. They also can call the banks on which the checks are drawn, to make sure they're authentic.

Various types of losses arising from Internet banking services are insurable, but D&O policies and financial institution bond forms do not provide broad-form affirmative coverage for liability arising from them. Some bond forms will provide first-party coverage for this exposure but not third-party coverage. Several forms are available to fill this gap, but the coverage is expensive and probably fewer than half of all banks have bought coverage. Still, that's an area in which coverage is likely to grow.

Ancillary opportunities

Our review includes not only an examination of banks' insurance exposures and current coverage, but also an analysis of other products we could help them add to their portfolios to generate additional income. These can include products ancillary to loans, like credit life, disability and accidental-death insurance. We also can provide banks with software that enables them to access an Internet-based program they can use to sell term life insurance to anybody, not just a loan customer. This is a point-of-sale product. Customers answer a brief list of questions. If they qualify for coverage, the bank can print a policy on the spot and close the sale. We can offer banks a similar point-of-sale product for annuities.

If a bank has a significant portfolio of auto loans, we can help it sell “gap” insurance to its customers. It pays the difference between a car's actual cash value and the loan balance, which frequently is higher, given the rapid depreciation of most vehicles. Then, in the event that a car is totaled, or stolen and never recovered, the customer will not have to worry about an unpaid loan balance.

Markets

In placing D&O and financial institution bonds, we primarily use Progressive, Chubb and St. Paul Travelers, all admitted markets. Agents or brokers working in this niche sometimes need access to excess and surplus-lines insurance companies as well. Financial institutions that operate under a regulatory order, or that experience excessive claims or deteriorating financial performance are likely to be insured by Lexington Insurance Co. or Lloyd's, which specialize in writing “troubled risks.”

In our submissions, we don't have to provide insurance companies with as large a stack of paper as we once did, since many of the financial and regulatory reports they require are now available online, particularly for publicly owned banks. Underwriters also want to see a list of directors to ensure the board represents a fair cross-section of the community. They also want proof that the board members regularly attend meetings and otherwise carry out their responsibilities. If there have been recent changes in senior management positions, underwriters will ask for r?sum?s of the new executives.

Banks used to just be lending and deposit-taking institutions. Now they offer brokerage, insurance, etc. Consequently underwriters are asking more questions about such “alternative services.”

The insurance market for D&O and financial institution bonds is soft and getting softer. I remember when a $1 million D&O policy went for a minimum of $15,000. Today you can get the same coverage for $3,500. One thing we are doing to counter this trend is pursuing account-rounding more aggressively.

Soft markets, however, come and go, and we try to take them philosophically. In the long run, we think Willie Sutton had it right. Financial institutions are a great class of business to pursue.

Debra McManigle is a vice president of the Battle Creek, Mich., office of Hub International and a producer/manager of her own book of financial institution insurance. Part of her job is to train producers at other Hub offices and otherwise help them sell and service financial-institution business. She holds the Certified Financial Security Officer designation.

Helping banks improve their security

My job is not only to sell insurance to financial institutions but also to help them improve their security. In a small bank, the security officer typically wears five other hats, so our security services are seen as a big value-added and a major selling point.

I hold the Certified Financial Security Officer designation. The knowledge I obtained in getting it has been extremely useful to my career. The financial institution bond, one of the main insurance products sold to banks, provides coverage for robbery, fraud and employee dishonesty, among other things. Of course, loss control and prevention also must be used to treat these exposures. What I learned in becoming a CFSO enables me to provide banks with risk management advice that goes beyond merely selling policies. Such advice and service also helps our clients meet the security requirements of the federal Bank Protection Act.

As part of our inspection of a bank's premises, we check their surveillance monitors, which in the event of a crime are vital to providing law enforcement good visual identification of the perpetrators. I examine the equipment and the quality of the images it produces. I walked into a bank one day and found its VCR wasn't working, so the bank immediately got that fixed.

Procedures for opening a bank are quite important. Two employees should arrive at the parking lot in separate vehicles. Only after both are present should one get out and inspect the immediate area, then open the bank and check it. The other should remain in his or her vehicle until getting the “all clear.” If the proper response is not given, the employee in the parking lot immediately summons help.

We check banks' behind-the-counter procedures to ensure that losses are minimized in the event of a robbery. Are the tellers adhering to their cash limits? Is there dual control over the vault, where most of the cash is? Lately we've seen high six-figure robbery losses. That's due to such things as a teller leaving the vault open instead of locking it up and putting it under a “timed delay,” which makes it impossible to open at a moment's notice. Some tellers think, “It's busy between 2 p.m. and 4 p.m., so I'll leave the door to the vault ajar.” That's a big no-no.

We also ascertain whether employees have been trained how to respond to a robbery in a way that will best ensure their own safety. They also should be shown how to preserve evidence after a robbery and otherwise work with law enforcement and the media.

Armed robberies are dramatic and can cause large losses. Still, they account for a relatively small part of the losses that banks suffer from criminal activity. Fraud and employee dishonesty are much larger exposures. Just recently, for example, one of my banks suffered a $950,000 loss from check kiting. In such a scheme, the perpetrator deposits into one bank a large check drawn on an account he or she holds at another. After depositing the check, the perpetrator immediately draws on it. When the bank presents the check for payment to the other financial institution, it finds that the perpetrator's account there has little or no funds to cover it.

When these schemes are successful, it's usually because the victimized bank failed to put a hold on a check until it cleared the other bank, often in violation of its own procedures. For instance, banks may drop their guard and relax their standards when dealing with a familiar face. In the case of my client, the perpetrator had been a good customer for 30 years, so the bank made an exception to their usual check-clearing procedures. Unfortunately, the customer also owned a business that was failing, and he turned to check kiting out of desperation.

The potential for check kiting can be compounded by regulations that allow banks to put a hold on checks only for a certain number of days. If a bank has a reason to be suspicious, however, it can hold a check longer and document why it is doing so. Certainly, my client might have done so. Instead, they're going to call on their financial institution bond to pay its limits. Then they'll have to somehow try to recover the rest from their customer.

Banks also can be liable for losses arising from “pfishing” scams, in which perpetrators send victims phony e-mail messages purporting to be from their banks and inducing the victims to divulge bank-account numbers and other sensitive information. Then the perpetrators transfer the victims' funds to accounts they control, empty them and vanish.

Federal law protects those na?ve enough to respond to pfishing scams. As long as victims rely in good faith on their apparent legitimacy (the scams often use actual bank logos and other graphics to make them look authentic) and as long as they notice and report the fraud within a certain number of days, banks are required to make their customers whole. The risk from this fraud is not insurable, so we stress to banks the importance of educating their customers. Among other things, banks can send letters to clients telling them they never will attempt to contact them by e-mail.

As previously mentioned, scam artists often open accounts into which they transfer funds from people they've defrauded. Banks can purchase third-party software that will monitor activity in new accounts and raise the alarm if large or frequent deposits are transferred into them. By doing so, they can keep from being used in the commission of a crime–and perform a valuable service to other banks and their customers. Think of it as “communal” risk management.

–Debra R. McManigle