Not-for-Profit Organizations Need D&O and EPLI too

Stuart: Let's start by assessing the size and scope of the not-for-profit market.

o The number of charitable organizations operating in the United States has doubled since 1974. Between 1996 and 2004, the total number of such entities increased by 28.8%, to 312,366.

o During that same eight-year period, the number of private foundations grew to 102,881 from 58,774 (a 75% increase), the number of public charities rose to 822,817 from 535,888 (a 53.5% increase), and the number of remaining nonprofit organizations dropped to 471,565 from 490,235 (a 3.8% decrease).

o Approximately 1.4 million charities, private foundations and religious congregations now exist in the United States. Of those, 73% have annual budgets up to $500,000; 8.7% have annual budgets of $500,000 to $1 million; 11.8% have annual budgets between $1 million and $5 million; and 6.5% have budgets of $5 or more.

o Breaking down charitable organizations by mission, we find that 46.9% offer health and human services, 18.1% support education, 11.9% focus on public and societal benefit, 10.4% promote arts, culture and humanities, 5.6% are religious in nature, 3.8% relate to the environment, 1.8% address international concerns, and 1.5% have an unknown mission. The top three classes of charitable organizations involve delivery of human services and account for 58.8% of the marketplace.

o Not-for-profit entities employ 11.7 million paid employees (9% of the U.S. workforce). Job growth in this sector (2.5%) outpaces growth in the business and government sectors, which have seen 1.8% and 1.6% growth, respectively.

o About 50% of adults perform some type of volunteer work each year, and nine out of 10 households make charitable contributions.

o Not-for-profit organizations receive $207 billion in individual contributions and $41 billion in corporate contributions annually.

o More than 80% of nonprofit organizations have gross revenues of $1 million or less.

Tom: When someone mentions "not-for-profit" or "charity," what may come to mind are those entities classified as 501(c)(3) under the U.S. tax code. There are 28 designations under 505(3)(c), and a wide array of not-for-profit entities in other classifications as well. For example, civic leagues or organizations operated exclusively to promote social welfare fall under 501(c)(4), while labor, horticultural and agricultural unions are classified as 501(c)(5)s. Professional football leagues are 501(c)(6)s; fraternal societies, orders and associations are 501(c)(10)s; and credit unions are 501(c)(14)s.

Some not-for-profits are small, surviving on a couple thousand dollars in annual revenue, but others are immense. They range from local soup kitchens to The Ford Foundation, with more than $11 billion in assets and offices throughout the world. An educational not-for-profit could be a small kindergarten or an institution such as a major university. That's why you can't take a cookie-cutter approach when underwriting nonprofits. Larger accounts, however, typically are run by savvy executives who reign over thousands of employees and may have offshore investments, private airplanes and the like. Obviously, such risks require more detailed information and more extensive underwriting than do smaller organizations with a single purpose or a simple mission.

Stuart: State and federal government each play a role in regulatory oversight of the nonprofit sector. While Congress creates some nonprofit entities, most are formed at the state level, so state laws govern their creation, operation and dissolution. Typically, state attorneys general maintain lists of registered nonprofit organizations, ensure they adhere to charitable solicitation laws, and investigate claims of fraud or abuse of tax-exempt status. The federal Internal Revenue Code provides for and regulates the tax-exempt status of qualified organizations. The Internal Revenue Service's Division of Tax-Exempt and Government Entities reviews and audits nonprofit federal income tax forms known as Form 990s, and the IRS can assess fines and penalties for nonprofit entities and, when warranted, revoke their tax-exempt status.

William: States are stepping up their oversight of nonprofit activity, as is the federal government. Most states require not-for-profit entities to file annual reports disclosing how much they receive in contributions and how they use those funds. After scandals in the for-profit arena relating to corporate governance and conflicts-of-interest, 19 recently states took steps to better regulate nonprofits organizations' activities.

Not to be outdone, the IRS increased by 21% the amount budgeted for oversight of nonprofit organizations (while its overall budget for fiscal year 2005 increased by only .5%). One of the key objectives listed in the five-year strategic plan the agency released 2004 is to deter abuses within tax-exempt entities and misuse of such entities by third parties. Another concern is executive and director compensation. The IRS identified more than 200 nonprofit organizations that pay an executive or board member more than $1 million per year and announced it will investigate all such arrangements. It also stated last summer that it was auditing approximately 2,000 public charities and private foundations, paying particular attention to compensation practices and procedures. Finally, the IRS streamlined its Form 990 to make it easier for state regulatory agencies–and the public–to monitor nonprofits' financial activities.

You're probably familiar with the Sarbanes-Oxley Act, a statue designed to curb corporate abuses. It's also been called the Nonprofit Wake-up Act of 2002 because it contains executive liability and whistle-blower protection provisions that apply to both nonprofit and for-profit organizations.

John: Nonprofit directors have the same responsibilities as their for-profit counterparts. More than 90% of nonprofits purchase management liability polices with such core coverages as directors and officers, employment practices and fiduciary liability. Many carriers offer a menu of related coverages including crime, kidnap and ransom, miscellaneous E&O, Internet E&O and workplace violence. Unlike publicly traded companies, which typically must buy single-year policies, a nonprofit organization can choose either a one-year or a multiyear policy and individual aggregates or one aggregate for all exposures. Recently, carriers introduced new forms for this class of business, and many also offer such services as employment practices counseling, training, testing and sample contracts.

As regulators push for greater accountability and transparency, nonprofit organizations are choosing higher liability limits for their directors and officers. According to Tillinghast-Towers Perrin, the average limit for a nonprofit is $2.3 million, and the average premium is around $12,000.

Chubb, St. Paul/Travelers and AIG dominate the governmental and general not-for-profit marketplace, with Chubb writing the most policies and AIG leading in premium volume. AIG and ACE also maintain a strong presence in the education sector, although United Educators writes the most coverage for colleges and universities. In the healthcare field, Chubb has the highest policy count and AIG reigns in premium volume. The "child factor" makes some nonprofit entities, such as foster-care and adoption agencies, difficult to place. Some carriers shy away from those types of risks or only write coverage with harassment, molestation and abuse exclusions.

Most claims against nonprofit organizations (more than 75%) are filed by employees. In higher education, we see a lot of teacher-tenure claims as well as antitrust and intellectual-property claims for colleges and universities conducting research. In the healthcare sector, we see a lot of antitrust, peer-review and credentialing claims. Religious institutions face mostly employment, counseling and childcare claims, while mutual-benefit associations are plagued by discrimination, antitrust and derivative claims.

Tom: Employment-related claims still are on the rise, especially those involving wage-and-hour disputes, discrimination, harassment, retaliation, the Americans with Disabilities Act and the Family Medical Leave Act. According to the Equal Employment Opportunity Commission, more than 80,000 charges were reported from 2002 to 2004. Of those, 34.9% were race-related, 34.5% claimed sexual harassment or discrimination, 10.5% pertained to national origin, and 3.1% alleged religious-based discrimination, a growing trend. As technology continues to advance, more and more claims pertain to the use of electronic media, invasion of privacy, theft of data, etc.

John: Voluntary immunity statues offer some protection for non-compensated directors and officers, and some jurisdictions cap nonprofit entities' liability for certain exposures. In both the public and private sectors, the business judgment rule provides an affirmative defense for directors and officers who make informed, but bad, decisions–in other words, honest mistakes. None of these measures, however, automatically shields an entity or its officials from liability, and coverage gaps certainly exist.

Tom: As John said, nonprofit directors and officers have the same duties of care, loyalty and obedience as do officials of publicly traded entities. They must perform these duties in good faith and in the best interest of the organization, avoid even the appearance of conflict of interest, and abide by all applicable laws, statues and their own charters and bylaws.

The Volunteer Protection Act of 1997 protects volunteers from any personal liability resulting from negligent acts or omissions; however, it does not protect them from grossly negligent acts or omissions, and that's a big gap. Also, many D&O polices for publicly traded and privately held companies extend outside directorship liability coverage to people who sit on not-for-profit boards at the company's behest, but they don't protect the organization itself or any other board members.

John: What coverages issues must an agent address for his or her not-for-profit insureds? Try to secure coverage for defense costs outside the liability limits, punitive damages with most-favorable-venue wording and insurer duty to defend. Order-of-payments clauses and pre-set allocation also are important. If a client publishes a newsletter or hosts a Web site, it needs media liability coverage, including protection against copyright and trademark infringement, and against libel, slander and defamation claims. Negotiate broad definitions of claims and make sure investigations brought by regulatory bodies are covered. Modify the insured-versus-insured exclusion so it does not apply to employee or whistle-blower suits. Obtain sanctions and penalties coverage for members of management and strong severability language.

Tom: Underwriters need to look at the human resources controls an insured has, how many people it employs, its location, its corporate governance and its employee and executive compensation. Who are the board members? What are their qualifications? How often does the board change?

An underwriter who gets a submission for a not-for-profit entity should begin by looking at its Web site, which often serves as window into the organization and its operations. A good site tells you a lot about the insured and its operations and gives you a sense of its corporate governance. Some even disclose financial information.

William: The American Red Cross set up two hotlines–one for employees and volunteers, and one for the public. Anyone can call in anonymously to report a problem, and every complaint is investigated. If the caller wishes, we will report back within 10 days to discuss what the investigation revealed and what we are taking to address the matter. Every corporation and nonprofit should set up a similar system, encourage employees to express their concerns and protect those who do. It's a good way to detect conflicts of interest and similar problems and resolve them before they get out of hand.

Stuart: To avoid potential conflicts of interest, a nonprofit entity might bid out all services expected to exceed a certain cost, $10,000 for example.

Karen: What about audits? More than 80% of all not-for-profits have annual revenues of $1 million or less, and most operate on shoestring budgets. Let's suppose a small organization wants an audit, but it's going to cost $15,000–a large chunk of its overall budget. What should it do?

Stuart: I favor audits because they protect directors and officers, and I think a company with $500,000 to $1 million in revenue ought to have one every year. Those with small budgets might find it difficult to justify the expense, but it's money well-spent, and they may be able to obtain bids from several different sources and find a manageable price.

John: From a financial standpoint, I think audits help organizations assess their current status. Also, management can be sanctioned or assessed a 10% penalty for paying more than fair market value for a consultant's or other professional's services. In that case, it would help to note that a financial audit has been conducted and that the insured is taking appropriate steps to respond to the findings. In the meantime, make sure coverage is available for intermediate sanctions and civil-money penalties.

Tom: If an organization has $500,000 in annual revenue–and certainly if it has more than $1 million–and doesn't undergo annual audits, that's a red flag for an underwriter. While we understand that many nonprofits have budgetary constraints, audits give us a greater level of comfort in insuring such risks. By the way, another red flag is lack of HR controls. Does the insured have an HR person? If someone is terminated, who makes that decision? Is outside counsel consulted? Is a process in place to allow people to report incidents that might lead to claims? An organization might not have a human resources director, but it needs to at least be run by people who have the sense, and the procedures in place, to keep themselves and their organizations out of trouble.

Stuart: Another way a not-for-profit may get into trouble is by publishing a newsletter, sending out mass e-mail messages or posting information about employees, officers or donors on its Web site. These practices expose the insured to breach-of-privacy and theft-of-information claims.

Karen: If a nonprofit entity discovers that someone has hacked into its membership or donor database and stolen information, what are the implications? In California, for instance, if either a nonprofit or for-profit entity discovers a security breach that compromised personal data, a statue requires the entity to disclose the breach to anyone who might be affected. Several other states are considering similar legislation. For an entity with only a few hundred people to notify the cost might be minimal, but an organization with thousands of people in its database could incur a devastating expense.

John: Related cases have set a precedent that data is not considered tangible property, so you can't rely on a typical property and general liability policy, or even a crime policy, to respond to unauthorized access to your network, corruption of data or theft of information. However, a network liability policy can provide not only third-party liability coverage, but also first-party coverage for damage to the charity's asset–that donor list–which has been compromised, and also for the time and expense of re-creating it. You might also get a privacy-protection endorsement to respond to fines and penalties assessed by regulators.

Privacy issues are more pronounced and far-reaching for online publications than for newsletters an organization mails to its members. In terms of injunctive relief, if someone files suit because their personal information has been disseminated, the entity can be ordered not to publish it any more, but something posted on the Internet can be seen by large numbers of people throughout the world, printed, downloaded and forwarded ad infinitum. As you can see, it's important to address technology and privacy issues, and the best way to do so is probably with a comprehensive network liability policy.