The OPDU Trustee Liability policy provides cover for certain elements of Cyber related risk, as follows;
- Indirect losses arising from cyber events may be covered under OPDUs PTL policy where an allegation of Wrongful Act has been made in accordance with the policy
- In the event that a third-party provider, such as an administrator, fails to supply the service promised under the contract due to a cyber-event, the OPDU policy may respond if you have the Third-Party Pursuit extension. In this case the policy will pay the costs of pursuing the third party for redress subject to the policy terms and conditions
- Investigations may also be covered which stem from a cyber-event becoming known. In this case there is no requirement of an allegation of Wrongful Act.
- We would encourage trustees to review their contracts with their party providers to ensure that adequate provision is made for losses arising from cyber events.
- Civil fines and penalties issued by the Information Commissioner
It’s important to remember that it is not the intention of the Trustee Liability policy to provide Cyber cover. Our recommendation would be for an assessment to be carried out as to whether there is a Sponsor Cyber policy in place, as usually the Sponsoring Employer would have a companywide cyber policy that includes the pension scheme. Any agreements with third parties such as Administrators or Investment Managers should also be checked, as usually there would be some caveats contained within these agreements over data protection / insurances etc.
GDPR
Following implementation of the Data Protection Act 2018, Trustees have been faced with extra duties and potentially significantly higher fines for breaches.
Our Policy covers trustees and pensions employees for civil fines and penalties including data protection provided that an allegation of Wrongful Act has been made and the penalty is not criminal. Investigations will also be covered which stem from a data breach becoming known. In this case there is no requirement of an allegation of Wrongful Act.
If Scheme Assets are to be used to cover the cost of the OPDU Policy, it is important this is specified where asked on our application forms, as we will then invoice a small portion of the policy premium to the Principal Employer to cover the cost of Civil Fines and Penalties cover.
GDPR
- The new data protection regime takes effect in 2018 and this will mean extra duties for trustees and potentially significantly higher fines for breaches.
- OPDUs PTL policy covers trustees and pensions employees for civil fines and penalties including data protection provided that an allegation of Wrongful Act has been made and the penalty is not criminal. OPDUs policy will continue to provide this cover under the new GDPR regime in 2018 subject to the policy limits where lawful to do so.
- You will be asked what actions your scheme has taken to cater for the new regime on renewal or for a new application.
- Investigations will also be covered which stem from a data breach becoming known. In this case there is no requirement of an allegation of Wrongful Act.
- Many administrators are declining to increase contract indemnities given to the trustees, arguing that under the new regime they become in scope for a potential fine. If they have not already done so we would suggest that the trustees consider our Any One Claim Extension, whereby the policy limit applies to every claim separately rather than as an annual aggregate limit. This may provide greater levels of protection for the trustees in the event of a large fine being imposed.
- We would encourage trustees to review their contracts with their third party providers to ensure that adequate provision is made for the new regime.
For further information please get in touch.
Talk to us
It will cost you nothing to talk to us so please feel free to make contact, we’ll be happy to help.