October is the traditional renewal season for Professional Indemnity Insurance (“PII”) and in the past couple of years premiums have been soaring. This has impacted all professional services firms from small to large, with many questioning how long these sizeable increases will continue. 

To find out more about the state of play in the PII market, BDO interviewed Neville Miles, Partner at Lockton UK , who advises professional services firms on cyber, management liability and professional indemnity insurance.

Read on to find out more about why we've been in a hard insurance cycle, the increased risk of silent cyber and what firms need to think about ahead of renewal season. 

Referring to the Professional Indemnity Insurance market cycle, where do you see the market now? 

For the last three years, the insurance market both in the UK and globally has been hardening at a rate not seen since 2001/2. Capacity has reduced, competition is limited, premium rates have been increasing and insurers have a highly selective approach to the risks they choose to cover. These difficult conditions will not last forever, and many suspect that we have reached or are nearing the peak of the market cycle.

The diagram below provides a simple overview of a complete market cycle from 'soft' to 'hard' and as the red arow indicates we are currently in a phase where rates are continuing to rise. However, we see some light at the end of the tunnel as the rate of increase is slowing. Having said this, we anticipate rates continuing to rise through 202 but much less than we've seen during the past 2-3 years. 

What has been the status of change during the COVID-19 pandemic? Has there been heightened risks with remote working? 

While the full effects of the COVID-19 pandemic remain unknown, we do know that COVID-19 related business interruption losses in the property market are significant. The verdict on the Financial Conduct Authority's test case is widely perceived to have supported policyholders and is expected to equate to approximately £1.2 billion in additional claims (FCA, 2021).

There has also been an upsurge in litigation brought against firms and their professional indemnity policies, where they may have acted in error or provided negligent advice to other businesses, extending to the employment practices markets in relation to employment law, redundancies and wrongful dismissal throughout the pandemic.

Almost all lines of business are expected to be negatively impacted by COVID-19 in some way with “few classes expected to emerge unscathed” (Insurance Times, 2020). For example, the insurance market is experiencing increasing numbers of ransomware claims. The full effects of the pandemic on the market is still unfolding.

Your Professional Indemnity 2021 Market Review refers to increased risks of 'Silent cyber'. Can you tell us more about what this is, the specific risks and the what the market could do to address this?

Silent cyber describes cyber risk that is neither expressly covered nor excluded in insurance policies. In simple terms, this gives rise to coverage uncertainty. As a result of this uncertainty Lloyd's has requested its syndicates to comply with the Prudential Regulation Authority (PRA) requirements requesting insurers to expressly state in their policies whether cover is provided for cyber acts.

Insurers and regulators are concerned that silent cyber can represent a significant, unexpected risk to insurers' portfolios. The lack of clarity in policies can also lead to confusion or misunderstanding about coverage for cyber risks. Some companies may believe that they have adequate cover for cyber risk when they do not. 

The issue of silent cyber is particularly challenging for PI policies as many professional services firms hold and transfer money as part of their day-to-day business operations, and often hold significant volumes of client monies. Therefore, it is particularly important to ensure PI policies fully address the requirements of these firms to ensure there is no gap in coverage between a PI policy and a separate Cyber policy. 

The additional challenge is the broad civil liability basis of the law firm PI policies providing coverage for claims arising from the insured's 'professional activities'. In addition, the Solicitors Regulation Authority (SRA have Minimum Terms and Conditions required which prevents the limitation of coverage under the policies, particularly to the detriment of a third party. 

It is worth pointing out that there has never been any intent under PI policies to provide cover for first party losses i.e. the costs associated with a breach. These include costs such as ransom payments, breach response costs, business interruption and reputational harm. Therefore, it is fundamental for any business/organisation who relies on IT to operate (which is the majority of businesses) to be purchasing a separate Cyber policy to ensure that these losses are covered. 

Can you give a summary of the international market and where the UK market sits? Should firms desegregate their policies across jurisdictions?

For England & Wales regulated law firms the London market continues to provide the most competitive premiums and the broadest scope of cover. In view of this the Top 100 E&W firms, international or domestic all utilise London market capacity. One reason for this is that the SRA's Minimum Terms & Conditions (compulsory cover) is required to be covered by at least one of 18 Participating (i.e. approved) Insurers. 

The largest law firms who requiring very substantial limits of indemnity will access the International underwriting community, which will include insurers domiciled in Europe, Bermuda, New York and elsewhere. 

It is very rare for law firms to segregate policies across jurisdictions as this tends to be costly and will invariably provide less cover than available with a London led programme. 

Is M&A activity a way to manage risk? And if so, what is the policy if two firms are merging?

Law firms should only merge for strategic reasons. We do not believe merging is an effective way to manage risk.
Firms attracted to growth by merger or acquisition should ensure they have identified their core strengths and understand how a merger can help them build on them, whilst also extending their depth and breadth to add extra value for existing clients and making themselves attractive enough to bring in new clients. 

Due diligence and financial and cultural compatibility assessments need to be meticulous, and potential sticking points need to be identified and ironed out early in the process. 

Insurers can be wary of M&A activity as pitfalls we've noticed include: 

• Management style: Partners who are used to a collegiate management style may have difficulty handing over decision-making to a management team. 
• Profit-sharing: if one firm shares profit equally, and the other is performance-driven, it is unlikely to work.
• Partner annuities and final pension schemes: ensure there are not huge liabilities likely to emerge at the 11th hour.
• Level of debt. 

What are the relevant benefits of firms having their own 'captive'? Are you seeing this happen in the market? 

Many firms are seeing significant changes in their insurance programmes, many of which are being imposed by insurers rather than accepted voluntarily. These changes include: 

• Rising premiums 
• Increased levels of self-insurance / deductible 
• Reduced cover 

With the uncertainty around COVID-19 and the possibility of further difficult conditions for insurance buyers the time is right to evaluate the most cost effective and appropriate methods of financing risk that cannot be economically transferred to the insurance market. 

There is no 'one best way' in financing risk. The optimum method for any particular business can only be determined through a careful and structured analysis of financial constraints, attitude to risk and risk transfer options.

A captive's principal purpose is to manage its parent's risk retention strategy by participating in its insurance programmes in order to reduce the total cost of risk of the parent organisation. 

An organisation's total cost of risk is the cost of buying insurance from third parties combined with the cost of losses retained by the organisation and the costs of administration of the risk management and insurance strategy. 

By optimising the level and type of insurance purchased from insurance companies (and its corollary, the risk retained within the organisation), the long term total cost of risk can be reduced. Most captive arrangements are designed for this very reason: to create a risk retention platform to reduce the organisation's reliance on third-party risk transfer for those exposures that the group can afford to fund from their own resources. Typically, exposures which give rise to a relatively predictable level of losses are more likely to be retained (often referred to as “high frequency / low severity” losses). 

To the extent that the overall cost of retaining loss exposures is lower than the premiums which would have been charged by insurers, there is a direct benefit to the parent. The cost or retaining loss exposures through the use of a captive will include not just the losses themselves, but also the costs of operating the captive vehicle and the cost of capital invested in the captive. 

As well as the direct financial benefit a captive may provide, there may be other indirect financial and non-financial benefits from setting up a captive arrangement. Every organisation differs in their motivation to incorporate a captive into their insurance programme, but, in general, captive utilisation is aimed to achieve the following benefits:

• Improved control over the design of insurance programmes
• Improved risk management through improved focus on loss exposures and events and better access to loss data
• Improved cash flow through a reduction in external premium spend
• Potential taxation benefits in certain jurisdictions

Very few law firms own a Captive insurance company, but as a consequence of the hard market there is heightened interest in this type of risk financing vehicle.   

Finally, it's coming up to renewal season, so what should firms be thinking about? 

• Timeline management: Robust management of the renewal timeline will ensure that time does not become a feature in negotiations. Many elements of negotiations are taking longer
• Flexibility: Approach renewal with an expectation of changes being required and be prepared to consider alternative options if needed. This will require flexibility in terms of programme structure, insurers utilised, market access points and, in some cases, coverage priorities
• Communication: Agree a clear communication plan as part of the renewal process. This should include both formal 'milestone' dates, and regular informal discussions with insurers and your broker
• Relationship management: Strong and effective tri-partite relationships are proven to assist in achieving the best outcomes in difficult renewal negotiations. Evaluate your current relationship profiles and develop plans to enhance these as necessary
• Information: Work with your broker to review how your risk is presented to insurers and have a clear strategy to collect the information insurers require, supported by clear analytics.

You can read more detail about the complexities of this subject in Lockton's Professional Indemnity 2021 Market Review.