Trustees should review their liability insurance

Trustee liability insurance isn't particularly exciting - many pension schemes don't bother with it. But with the twin challenges of cyber risk and General Data Protection Regulations (GDPR) it is attracting a lot more attention.

Schemes hold huge amounts of personal data, have a regular and large flow of financial transactions, and can face reputational issues. So trustees and companies are asking questions about how they are protected if something goes wrong. The answers are not always simple.

What is and isn't covered?

At a high level, trustee liability insurance works on the basis of claims against the trustees. If a member is financially impacted and makes a claim against the trustees, the cover kicks in. If there is no claim, then you have no cover.

For example, if data is compromised by a cyber-attack and the trustees embark on a communication exercise and offer credit checks, this is not normally covered, as there is no claim. Similarly, if cashflows are intercepted by a hacker, then unless there is a claim from someone - which could be the case in a defined contribution (DC) scheme - then there is no insurance cover for the lost assets or the costs of investigating the loss. Both examples can be covered, either by a cyber policy/extension or by a crime policy/extension, but that requires an active decision by the trustees.

With GDPR the position is more positive. Liabilities arising from the new GDPR are generally covered by trustee liability insurance, including civil fines and penalties. However, it is possible that premiums may rise in 2017/18 as the size of potential losses increases. We expect underwriting questions to be more detailed, checking that trustees are taking the relevant steps.

Pricing and policy structure

Trustee liability insurance is competitively priced. Premiums are calculated based on fund assets, number of members and cover limit, but an indicative cost for a typical scheme is around £1,000 per annum per £1m of cover. Schemes need to decide their appropriate cover limit, but typically a scheme might have a cover limit of 5% of assets, which translates into a premium of just £50 per annum per £1m of assets.

Perhaps more complex is how to structure the policy. Integration with other trustee protection can be messy. Trustees may have protection through exoneration under the deed or indemnification by the sponsor. But provisions vary between schemes, and understanding how trustee liability insurance fits with other protections is important.

It is also important to consider whether to use a standalone policy or one linked to the sponsoring employer. It is common for sponsors to add trustee liability insurance onto their own directors and officers insurance policies. But while these policies may be easier to arrange (and the sponsor may pay for them), they may not have the relevant cover if the trustees have not been directly involved. Limits could also be compromised by other claims on that policy, so care is needed.

Finally, cover for professional trustees needs to be considered. Normally they will be covered elsewhere, and most have their own cover under a professional indemnity or errors and omissions policy, but there is a range of approaches.

Time for review

Trustee liability insurance relates to all types of schemes - large and small, defined benefit (DB) and DC. Larger schemes have more financial exposure, smaller schemes may have poorer controls. While DB schemes have greater assets, DC schemes have more transactions. All trustees need to revisit whether they need trustee liability insurance, and - as the risks change - whether the type of cover also needs to change.

Paul McGlone is partner at Aon

• Tweet  
• Facebook  
• LinkedIn  
• Send to  

• Topics
• Law and Regulation
• Admin / Technology
• liability insurance
• General Data Protection Regulation
• trust law
• General Data Protection Regulations
• Aon
• Paul McGlone