JULY 2017RISK MATTERSA QUARTERLY NEWSLETTER FROM ARTHUR J. GALLAGHER RISK MANAGEMENT SOLUTIONS

IOSH-approved Managing Safely gives your managers, supervisors and staff the skills they need to understand the risks and run effective Health & Safety programmes. Running over three days, the course covers risk assessment, risk control, hazard identification, waste and pollution protection, accident and incident investigation – plus performance measurement.

IOSH MANAGING SAFELY COURSES

IOSH SAFETY FOR EXECUTIVES & DIRECTORS COURSES

The IOSH-approved Safety for Executives & Directors course is designed for individuals who hold senior positions such as business owners or Directors within any business sector. The course lasts one day, starting at approximately 10am and aiming to finish by 3:30pm. The course is based on the occupational health and safety standards which are found in the Health and Safety Executive Guidance and the Corporate Manslaughter and Corporate Homicide Act of 2007.

UPCOMING TRAINING DATES

LOCATION DATE

Leicester 19th September

Birmingham 5th October

Leicester 7th November

LOCATION DATE

Birmingham 12th, 13th, 14th September

Wakefield 27th Sept, 4th and 11th October

Leicester 3rd, 4th, 5th October

Bristol 3rd, 4th, 5th October

Walbrook 9th, 10th, 16th October

Birmingham 7th, 8th, 9th November

Leicester 28th, 29th, 30th November

BOOKING A PLACE ON OUR IOSH COURSE IS NOW EASIER THAN EVER WITH OUR ONLINE BOOKING FORM

JULY 2017 RISK MATTERS

THE WANNACRY RANSOMWARE ATTACK

On Friday 12th May, a cyber-attack was carried out across 74 countries and multiple businesses including Nissan, FedEx and critically the NHS. The WannaCry Ransomware virus infected thousands of computers, preventing affected users from accessing their data until a ransom is paid.

Part of the problem was attributed to the NHS relying on outdated Microsoft XP software, a 16-year old operating system which Microsoft stopped supporting in 2014. Microsoft even took the highly unusual step of releasing a patch for the defunct operating system to help alleviate the crisis.

Reducing the likelihood of ransomware attacks

In response to the WannaCry ransomware attack incurred by the NHS earlier this year, many organisations are concerned about how they can protect themselves from falling victim to a similar attack. The following advice has since been offered by the City of London Police’s National Fraud Intelligence Bureau:

1. Ensure all systems have the latest security updates applied.

2. Confirm data backups are recent and maintained regularly, whether by yourself or your outsourcers.

3. Be cautious of any unsolicited communications you receive. Never open any attachments or click on any links unless you can verify the sender. The same applies for text messages, especially if they ask you to call a number. You should never disclose personal or financial information in an email or to a cold caller; even if they claim to be from an organisation you’re familiar with.

4. Purchase a Cyber Insurance policy to transfer some of the financial risk and secure 24/7 incident response assistance.

If you do become infected by a ransomware virus, you should not pay the ransom, as this does not guarantee removing the virus and it is unlikely that access to your files will be restored – plus you’ll be handing money over to criminals and further encouraging these types of attacks.

JULY 2017 RISK MATTERS JULY 2017 RISK MATTERS

CHANGES TO THE WELL MANAGED HIGHWAY INFRASTRUCTURE CODE OF PRACTICE

The new Well Managed Highway Infrastructure Code of Practice was published at the end of October 2016, it brought with it significant implications for local authorities. This article discusses the new changes as well as how they can be implemented and the opportunities for reviewing strategies and practices that the new changes can offer.

The new code

The new Code replaces the Well-Maintained Highways Code of Practice for Highway Maintenance Management dated July 2005. While the final code was published on 28th October 2016, local authorities will have until 28th October 2018 to implement it.

The main principle of the Code is that highway authorities should opt for a risk-based approach to asset management which takes local needs, priorities and budget into consideration. While failure to comply is not against the law, it could prevent the local authority from using a 58 Highways Act 1980 defence.

While a risk-based approach may lead to an increase in resources at the start as authorities are tasked with reviewing each highway in their jurisdiction, it may eventually make their statutory defence claims more robust – which could result in significant savings over time.

Maintaining roads

This risk-led approach uses a risk matrix to assess and analyse how often roads need to be inspected. This may lead to a decrease in the frequency of inspections which in turn could save the local authority money. Of course this could also lead to an increase in inspections.

While decreases in inspections may lead to a decrease in spending, it may also cause issues from claimants in court. Therefore it is essential that evidence is gathered which can demonstrate why the decision to reduce inspections was made.

Working together

The new Code also encourages collaboration between authorities to ensure best practice is widely adopted and problem areas are tackled together. If a policy is adopted by a group of authorities, then it can be harder to challenge by claimants.

Review your existing policies

The introduction of the code provides an opportunity for local authorities to examine their existing policies, making sure that the practices and procedures in place for handling highway claims is as quick and efficient as possible. Your usual Arthur J. Gallagher representative can help you with this.

JULY 2017 RISK MATTERS

IS YOUR BUSINESS READY FOR THE GDPR?

The EU General Data Protection Regulation (GDPR) is the biggest ever shake up to data protection laws, yet many businesses feel unprepared.

With the GDPR’s introduction taking place in May 2018 and the UK not leaving the EU until 2019 at the earliest, Brexit will not affect the introduction of the GDPR in the UK. This means now is the time to put the processes in place to ensure that you comply.

For more information on what the GDPR means for businesses and what they need to do to be compliant, you can download our article ‘Are you ready for the GDPR?’

GOOGLE AND FACEBOOK FALL FOR PHISHING SCAM

In March this year, it was reported that a Lithuanian man had been charged over an email-based phishing attack which scammed two US-based internet companies out of $100 million. These companies were later revealed to be Facebook and Google. The accused Evaldas Rimasauskas, allegedly posed as an Asia-based manufacturer and repeatedly deceived the companies with fraudulent invoices from 2013 up to 2015.

While these phishing attacks have increased in sophistication over recent years, the easiest way to prevent them is to educate your employees – who are most likely to find themselves targeted. CEO fraud, where a scammer poses as a CEO in an attempt to make employees transfer a payment outside the company, is one way in which employees can fall victim. These requests are

often urgent and time-sensitive, putting added pressure on the employee to comply. In order to avoid this happening, companies are encouraged to urge employees to carefully verify all payment requests before authorising them.

Read more at: www.bbc.co.uk/news/technology-39744007

JULY 2017 RISK MATTERS JULY 2017 RISK MATTERS

THE IMPORTANCE OF CONTRACT RISK MANAGEMENT

When forming a contract, the expectation may be that in the event of a claim your Insurers will indemnify. However, it is you (not your Insurers) who are forming a contract with your employer. If your Insurers will not provide an indemnity then you are still liable under contract and your employer can claim against you for any losses and you will need to pay defence costs. The consequences of this could be severe, which may lead to bankruptcy of the business if the claim is substantial enough. Plus, there could be a personal liability on the directors depending on the terms of the contract.

When reviewing contracts it is important to be aware of the liability issues ‘hold harmless’ indemnity clauses can create. It is also vital to be familiar with liquidated damages and contractual extensions.

Indemnity clauses

No insurance policy will cover every eventuality arising under a contact and as such there may be areas of exposure which are not covered by the insurance.

Probably the most onerous clauses appearing in contracts are indemnity clauses. The intention of an indemnity clause is to make you liable to hold harmless or indemnify your client in respect of “all losses, claims, damages, expenses and costs” that are caused by a particular breach of contract or duty. A liability policy is unlikely to provide cover as indemnity clauses allow greater or broader redress than is normally recoverable at common law.

While removing the clause is the easiest option, if you cannot remove the clause consider other ways to manage the risk, for example qualify the indemnity with foreseeability, an obligation to mitigate, and a requirement of legal liability.

Contractual exclusions

Contractually assumed liabilities can be those which the Policyholder would not otherwise be liable for unless such indemnity is requested of and granted by written endorsement to the policy. They can also exclude liabilities arising out of, based upon or attributable to any guarantee or warranty except to the extent that such liability would have attached to the Insured in the absence of such contractual duty, term or agreement. The common theme in these clauses is that the exclusion relates to matters which would not be covered without the contract.

Contractual extensions

While you can try to remove onerous terms from your contract, there will no doubt be circumstances in which you will agree to certain forms of contractual liability which will fall within a contractual exclusion clause. If you are relying on the contractual extension clause it must be very carefully and specifically negotiated so that you are comfortable that it will respond in the event of a pure economic loss claim.

Liquidated damages

In a liquidated damages clause two parties agree up front that if there is a breach by one of them that the damages will constitute a particular sum of money. This gives rise to various issues in relation to your policy coverage including whether your policy is actually going to be enforceable at all and whether such a clause would be caught by a contractual exclusion. Many policies may have a specific exclusion for liquidated damages clauses so it is necessary to be cautious to make sure that not only have you navigated any general contractual exclusion but also any specific exclusion for liquidated damages clauses.

While you can react to what is on contract, good risk management has to be proactive. You should ensure that you do not exceed the sums of or consider a cap on your liability clause. The level of insurance cover required of you should be appropriate to the level of services provided and your professional indemnity insurance cover should be subject to an annual aggregate limit in respect to pollution and contamination. Finally, do not disclose your professional indemnity insurance policy to a client; a broker’s letter should be sufficient.

Read more at: www.ajginternational.com/news-insights/articles/insights/podcast-contract-risk-management-an-insurance-perspective/

JULY 2017 RISK MATTERS

RECENT PROSECUTIONS Derby hotelier receives prison sentence for fire safety breaches

Mr Gurnam Singh Rai, the lease holder and operator of the International Hotel in Derby has been sentenced to six months imprisonment, fined a total of £40,000, and ordered to pay £20,000 in costs after a routine fire safety inspection revealed four breaches of the Regulatory Reform (Fire Safety) Order 2005.

The inspection found a series of safety hazards including a fire risk assessment which had been ignored, poor structural maintenance, a corroded fire escape, open fire doors, faulty fire alarms and emergency lighting, incomplete staff training and untested fire extinguishers.

After the inspection, Derbyshire Fire and Rescue Service served an Enforcement notice on the hotel, with a compliance date of 20 April 2015. However, despite multiple visits and warnings, the required work had not been completed, leading the Fire Authority to initiate legal proceedings in August 2015.

Alex Johnson, area manager for Derbyshire Fire and Rescue Service, said: ‘The sentencing of Mr Rai serves as a harsh reminder of the danger that occupants of the International Hotel would have been placed in should a fire have broken out.’

‘Occupants of the hotel were put at significant risk due to the apparent lack of fire safety precautions and building maintenance. If a fire had broken out, this could easily have led to serious injuries, or the loss of life.’

Sentencing Judge Coke said: ‘I have a duty to make it clear how important these regulations are and, when flouted as they have been, there can be no other sentence than immediate imprisonment.’

Read more at: www.derbys-fire.gov.uk/news/news-items/hotel-operator-convicted-of-offences-against-regulatory-reform-fire-safety-order-2005/#

Company fined after failing to comply with Improvement Notice

Aircraft handling company Dnata Limited has been fined after safety failings were discovered by the Health and Safety Executive (HSE) during an inspection of their Middlesex site.

On 23 April 2015, a HSE Specialist Radiation Inspector attended the site and discovered various breaches of the Ionising Radiations Regulations Act 1990. Despite the HSE serving two Improvement Notices, a follow up visit found that Dnata Limited had failed to comply with the notices and that the shielding used on the dedicated radioactive substances store was still inadequate.

The Court ruled that Dnata Limited had contravened the Improvement Notice served by the Inspector under Section 21 of the Health and Safety at Work Act 1974 and they were fined £534,000 and ordered to pay costs of £8,816.24.

Read more at: press.hse.gov.uk/2017/company-fined-after-failing-to-comply-with-improvement-notice/

Food manufacturer fined after worker death

Manchester Crown Court has fined Hitchen Foods, a subsidiary of Bakkavor Foods, after a worker was killed when plastic bales fell on top of him.

Jackek Andamowicz, a 29 year old father of one, was cleaning a storage yard when a number of plastic bales fell on him and trapped him against the ground. The bales, which weighed 703kg, had not been stacked correctly due to a lack of formal training and monitoring of the bale area.

An investigation by the Health and Safety Executive (HSE) discovered Hitchen Foods had failed to implement properly planned safe systems of work for employees who were involved with stacking the bales or who worked around the bale area.

Bakkavor Foods Limited pleaded guilty to breaches of Section 2 (1) of the Health and Safety at Work at 1974 and was fined £2million with £32,595.10 costs.

Read more at: press.hse.gov.uk/2017/food-manufacturer-fined-after-workers-death/

Tesco fined £8 million for petrol leak which polluted rivers

Tesco Stores have accepted an £8 million penalty after admitting responsibility for a major pollution incident. The petrol leak saw 23,500 litres of petrol leak into Lancashire sewage systems and rivers. £5 million of the fine was levied due to failings under the Dangerous Substances and Explosive Atmospheres Regulations.

The leak stemmed from a filling tank at a petrol station in Haslingden. The leak was allowed to continue for more than 24 hours which led to local residents having to seek medical help after petrol odours drifting up from the sewer led to headaches and nausea. Residents living up to 1 km away were affected by the leak and the smell remained in homes for a number of days. The leak also contaminated Langwood Brook and the River Irwell, which had a significant impact on the environment including reports of dead fish as far as 10km downstream. Over the 29-hour period between 2-3 July 2014 over 23,500 litres of unleaded petrol leaked from the tank and while 7,000 litres were recovered, the remainder spilled into the sewer system and water.

The investigation, which was led by the EA and Lancashire County Council, concluded that the incident was caused by Tesco’s failure to resolve a known problem with the fuel delivery system and an inadequate alarm system. Tesco’s poor emergency procedures were also a contributing factor.

The retailer pleaded guilty to two charges – a breach of reg 12(1)(b) and 38(1)(a) of the Environmental Permitting (England and Wales) Regulations 2010 and a breach of reg 6(8) of DSEAR 2002, contrary to s 33(1)(c) of the Health and Safety at Work Act and was ordered to pay £5 million for the larger health and safety offence and £3 million for the environmental offence. The retailer also had to pay costs of £22,000 to the council and £35,434 to the government agency.

County councillor Albert Atkinson, deputy leader of Lancashire County Council with responsibility for trading standards, said: “This was a major fuel leak in a relatively built-up area and close to a busy superstore. The potential consequences are only too obvious.

“The fact that the leak was allowed to continue for more than 24 hours undoubtedly contributed to a risk of harm to people living and working nearby, as well as emergency services and other professionals attending the incident.”

A Tesco Stores spokesperson responded to the sentence: “We sincerely regret the fuel spillage incident at our petrol station in Haslingden and we’re sorry for the impact it had on the local environment, our customers and the community. This was a deeply unfortunate isolated incident and one for which we have taken full responsibility.”

Since the incident, Tesco Stores has carried out thorough inspections of its petrol stations as well as introducing new real-time monitoring system and other improvements to prevent similar incidents.

Read more at: www.theguardian.com/business/2017/jun/16/tesco-fined-8m-fuel-leak-petrol-station-lancashire-supermarket-haslingden

JULY 2017 RISK MATTERS

ABOUT ARTHUR J. GALLAGHER

Founded in 1927, Arthur J. Gallagher & Co. has become one of the largest, most successful insurance brokerage and risk management companies in the world. With extraordinary reach internationally, our parent group employs over 24,000 people and provides service in more than 150 countries. Outside the US we are known as Arthur J. Gallagher, and wherever and whenever there is an issue of risk we’re there for our clients. We are a business without barriers – working together to create solutions that drive value and competitive advantage. Whether you are an individual, small business or international conglomerate, our people, their depth of technical knowledge and our global reach will deliver unrivalled advice and coverage expertise.

Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 7th Floor, 55 Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909. FP571–2017 Expires: 04.07.2018

www.ajginternational.com

CONDITIONS AND LIMITATIONS This newsletter is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this newsletter we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained. You should not act upon (or should refrain from acting upon) information in this newsletter without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers or any member of the Arthur J. Gallagher & co group accept no liability for any inaccuracy, omission or mistake in this bulletin, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.