Don't be Caught Off Guard with Inadequate Insurance Coverage

Date: July 28, 2015

This article originally appeared in the 2015 Q2 edition of “ICE Digest” a publication of Institute for Credentialing Excellence.

The work of certification organizations provides invaluable benefit to those they serve, as well as the general public, by helping to set performance and competency standards for those in specific professions and motivating certificants to increase their personal knowledge in a particular practice area. Unfortunately, the activity of certification organizations also puts them at considerable risk for legal claims due to the organization’s self-regulation of its constituents. This is especially true in the areas of antitrust and due process. Additionally, today’s business environment has become extremely litigious, and certification organizations are susceptible to  defending against legal claims initiated by allegedly aggrieved employees or third parties that were harmed by one of the certification organization’s certificants. Because there is no way for certification organizations to prevent an employee or third party from suing the organization, these organizations must ensure they have the proper insurance to protect against liability for a wide variety of claims.

While the specific policy requirements vary from organization to organization, this article discusses the types of policies every certification organization should have as well as a few of the key provisions that organizations should ensure are included in their policies. To determine whether these provisions are included, organizations must look beyond the declarations pages of their policies and look at the actual policy provisions and any endorsements.

General Liability Insurance Policy

General liability insurance should protect a certification organization against claims for bodily injury, property damage and various other types of personal injuries, such as defamation. While general liability policies do not provide coverage for bodily injury or property damage from the provision of professional services, these policies do protect the organization from claims such as those in which a person walks into a lobby or meeting room and slips on a wet floor.

Unlike automobile insurance, which provides coverage up to a certain dollar amount per accident, general liability insurance policies are usually written so that the policy limit is based on the aggregation of claims. For example, the organization’s policy may state that the organization has $1,000,000 in coverage for all aggregate claims. This means that regardless of whether the organization has a single claim or 10 separate claims in a particular year, the insurance company will only pay up to $1,000,000. Once the insurance company has paid this amount, the certification organization will be responsible for any amount in excess of $1,000,000. It is not uncommon for other policies, such as the directors and officers (D&O) and errors and omissions (E&O) policies to also contain aggregate limits. It is important for certification organizations to know their policy limits and whether those limits are per incident or aggregate.

Employee Dishonesty Provision

A key general liability policy provision is coverage for employee dishonesty, which protects the organization from loss incurred due to embezzlement by employees. While insurance policies may include such a provision, the coverage amount may be minimal. For instance, a recent insurance policy review revealed a $10,000 limit for loss incurred as a result of employee dishonesty. Employees who embezzle money from an organization are usually quite good at hiding their activity and often embezzle tens of thousands of dollars before being caught. The amount of coverage for this type of activity will vary from organization to organization and will depend on the number of employees who work for the certification organization as well as the number of employees who have access to organizational credit cards or funds. We encourage our clients to carry more than $10,000 in coverage, and recommend that certification organizations discuss this issue with their insurance brokers.

Directors and Officers Policy

D&O policies do not provide coverage for bodily injury or property damage, but do serve to protect the organization, as well as officers and directors, against claims for alleged wrongful acts, omissions, misstatement or misleading statements, or breach of duty by a director or officer while carrying out his or her duties for the certification organization. Employment-related claims such as discrimination, harassment, wrongful termination, retaliatory actions or mismanagement of the organization’s assets are the most common claims asserted under a D&O policy. While D&O policies generally cover these types of claims, we have seen D&O policies that exclude employment claims, and certification organizations should confirm that the organization’s D&O policy includes employment claims, paying careful attention to the definitions section of the policy to determine exactly what types of claims are covered. Also, be sure to carefully review endorsements, as an endorsement may specify that employment claims are not covered.

It is also important to determine who is covered by a D&O policy. Typically, D&O policies cover officers and directors, as well as the executive director, key staff, other volunteers and the organization itself. Some policies, however, exclude staff or the organization itself and only cover the volunteer officers and directors. Certification organizations should ensure that the organization is covered for acts or omissions by all of the aforementioned parties.

Antitrust Provision

Developing and implementing a professional certification program requires competitors to collaborate, which may result in the exclusion of certain professionals from the marketplace if they are denied certification or their certification is revoked. This makes certification organizations susceptible to allegations of violating antitrust laws, and defending against an antitrust law suit can be quite costly. For this reason, it is not uncommon for insurance policies to exclude or limit antitrust coverage. A D&O policy, therefore, should include coverage for defending against such claims. Pay special attention, however, to the policy limits for the defense of these claims, as the limits may be inadequate.

Errors and Omissions or Professional Liability Policy

Most general liability policies exclude coverage for bodily injury or property damage that arises from the provision of professional services. E&O insurance policies, therefore, serve to protect the organization against the organization’s acts, errors, omissions or negligence relative to the services the organization provides to applicants or certificants. E&O insurance is usually narrowly tailored to a particular profession or a particular service. A common insurance exclusion, however, is one for standard setting and certification activities, because such activities are generally viewed as activities that are at high risk for claims. This is a must-have provision for all certification organizations, and the policy must protect against allegations of due process violations and allegations, such as tortious interference with business.

Certification organizations should also ensure that the E&O policy adequately defines the services the organization provides. Again, due to the unique work of certification organizations, insurance companies aren’t always certain how to categorize the work of the organization and may incorrectly categorize the services provided. In our practice, we have seen insurance companies use the general categories of consulting or education. Usually, this is not an accurate description of the certification organization’s work. An inaccurate categorization of the services puts the certification organization at risk for having a claim denied because it does not fall within the scope of coverage.

Cybersecurity and Data Privacy Breach Provision

A cyber-attack puts an organization at risk for law suits and may also result in the organization incurring considerable expense relative to notifying those whose personal identifiable information was breached and defending against breach of privacy claims. Unfortunately, many insurance policies do not protect against breach of privacy claims resulting from a cyber-attack. If the certification organization maintains personally identifiable information, generally defined as a person’s name in combination with their Social Security number, driver’s license number, bank, credit or debit card number, or taxpayer identification number, then the organization’s policy should cover expenses incurred in notifying individuals about the loss of personally identifiable information and defense costs associated with defending against suits for the loss of personally identifiable information.

Finally, it is important to determine whether your policy protects the organization for loss or damage to the organization’s technology infrastructure resulting from a cyber-attack. Many insurance policies do not provide this type of coverage, but, again, it is well worth the time to discuss this issue with the organization’s insurance broker to determine whether this coverage is included or available.

Most, if not all, certification organizations have general liability insurance, directors and officers insurance, and often also have errors and omissions insurance. The insurance coverage provided to these organizations, however, doesn’t always fully cover the unique work of certification organizations or doesn’t provide adequate policy amounts. For these reasons, an insurance review is critical to the organization’s financial security.

For more information on this topic or for a review of your insurance policies, please contact Stacey Pine at or 202-689-3157.