Hunton Insurance Recovery Blog

Last week, in an exciting moment, the U.S. House of Representatives, voted 321 to 103 in favor of H.R.1595, the Secure and Fair Enforcement Banking Act of 2019 (“SAFE Banking Act”). If enacted into law, the SAFE Banking Act, would provide financial institutions, including insurers, a safe harbor to do business with “cannabis-related legitimate businesses” in the United States. In particular, the act would protect insurers, independent agents, and brokers from criminal and civil liability when offering insurance coverage to state-legalized cannabis businesses. The SAFE Banking Act would grant the cannabis business community access to many of the financial services most companies take for granted, like electronic payment processing, employer-sponsored 401(k) accounts and small business loans.

The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks.  Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance.  In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.

In its third quarter report, insurer Beazley reported a nine-fold increase in social engineering attacks (i.e., deception-based fraud/crime) as compared to the same time last year.  So far, the majority of social engineering attacks in 2017 were focused on the professional services sector (18%), followed by financial institutions (9%), higher education (9%) and healthcare (3%).  The report also notes continued high rates of unintended disclosure via employee negligence across all sectors (29%), second only to affirmative hacking or malware attacks (34%).