The Emerging Importance Of Cyber Liability Insurance And EPLI

BLOG VIEW: For lenders, determining proper insurance coverages, limits, optional endorsements and deductibles can be a time-consuming and, let's face it, tedious task. To make things easy, many lenders simply purchase insurance that meets the minimum requirements mandated by investors, warehouse lenders or government-sponsored enterprises (GSEs), such as Fannie Mae and Freddie Mac.

However, these entities aren't necessarily recommending insurance based on what's best for the lender but, rather, the coverages that meet their requirements. Often the only coverages mandated are fidelity (employee dishonesty) and mortgage errors and omissions (for failure to obtain or maintain insurance). This may leave a gaping, uninsured hole in a lender's business activities.

In fact, in light of the current mortgage marketplace, three coverages in particular are becoming more important for companies in the mortgage industry and justify a conversation with your insurance broker: professional liability (business malpractice), cyber liability insurance and employment practices liability insurance. For this article, let's focus on the latter two insurance coverages.

What Is Cyber Liability Insurance?
Cyber liability insurance was created to protect companies from loss or corruption of data, as well as liability from data theft. In terms of data loss or corruption, the policy can cover the cost associated with such instances as restoring data lost as the result of a computer attack, restoring your computer system after a system failure and dealing with forms of cyber extortion, such as a hacker threatening to unleash a computer attack against your company unless you pay.

But cyber liability's real value comes in the form of the coverage provided in the case of data theft.

Why Do Lenders Need Cyber Liability Insurance?
The personal customer information a lender needs for underwriting loans makes it a prime target for cyber thieves. Think about it. A lender possesses everything cyber crooks need for identity theft – and they want that data.

If a breach to a lender's system exposes a customer's personally identifiable information, such as social security number, driver's license number, address, date of birth or bank account information, it may have a significant liability.

The costs resulting from data theft can be astronomical. First, the lender needs to notify customers, because 47 states currently require that individuals be alerted of security breaches involving their personal information. (Aditionally, a recent White House advisory group put out a report calling for Congress to pass legislation on a single national data breach standard. As a start to rectifying the situation with customers, the lender would also most likely pay for a service to monitor their credit. On top of that, a lender would need to perform crisis and reputation management through public relations and other marketing efforts.

According to the Ponemon Institute, a research center focused on data security, data breaches resulting from a malicious or criminal attack cost firms, on average, $277 per compromised record in 2013. What's more, the average loss per incident was $5.4 million.

Could your company handle a $5.4 million out-of-pocket expense? Or, look at it this way: A database of a mere 1,000 records made up of customers, past customers, prospects, etc., could result in a $277,000 expense if there were a breach. So, how big is your customer database?

What Is EPLI?
Employment practices liability insurance (EPLI) can protect a lender and its employees from a wide range of suits alleging wrongful employment practices arising from age, sex, race, disability, religion or other forms of discrimination. Covered losses often include damages, legal judgments against the company, settlements, defense costs, and pre- and post-judgment interest.

Why Do Lenders Need EPLI?
The Equal Employment Opportunity Commission (EEOC) reports that in 2013 more than 93,000 discrimination claims were filed. This represents complaints only filed with the EEOC and doesn't take into account independently filed suits. Since the Civil Rights Act of 1964, every decade has seen an increase in discrimination charges filed.

In fact, the current marketplace is a perfect storm of factors contributing to more discrimination lawsuits. First off, the workplace has become more diverse (more women, people of different races and from different countries, older workers, etc.). Looking at this completely from a numbers perspective, it makes sense that as the pool of people who could allege discrimination increases, the number of lawsuits increases too.

The economy is another factor. Its ups and downs have resulted in companies, especially those in the mortgage industry, letting go of employees in order to reduce expenses. This, in turn, has caused the number of wrongful termination complaints to increase.

It should be noted, however, that we're simply looking at the overall statistics and not whether these cases are justified. Certainly, there have been landmark cases in the U.S. in which the wronged have received just settlements and changed workplace conditions across the U.S. for the better. However, the resulting publicity from those cases has also had an effect on employees, making them more likely to consider a lawsuit as an option, whether or not their claim is justified.

According to Jury Verdict Research (JVR), the median employment practices award is in the $200,000 range, over the past 10 years, with 8% of these verdicts at $1 million or more. Keep in mind, too, that defense costs go toward a lender's policy limit. If a claim is settled before trial, the legal costs can range from $10,000 to $75,000.

However, if a case goes to trial, defense costs can easily exceed $100,000. These costs, plus any award (if the judgment goes against the lender), means the lender could easily exceed a low policy limit and would have to pay the remainder out of pocket. So, it's crucial that the limits a lender sets can provide adequate protection should it ever face one of these claims.

Go Beyond Investor Requirements
If there's one lesson to learn here, it's that a lender needs to review its insurance options beyond the requirements that investors/GSEs/warehouse lenders mandate. Although cyber liability and EPLI do not directly affect investors, as they don't require these coverages, either could greatly affect a lender, resulting in huge out-of-pocket expenses or even closure.

In the end, it's best to look at what you need, not just what's required.

Lee Brodsky has specialized in operational insurance for the mortgage banking and financial services industry for more than 30 years. In May 2004, he established the Mortgage Banking Insurance Group at JMB Insurance. As an independent brokerage with no ties to specific carriers, his group helps mortgage bankers and brokers procure operational insurance that meets client goals and satisfies investor requirements.

(Do you have an opinion to share with MortgageOrb? Get in touch! Send an email to


Please enter your comment!
Please enter your name here