The 3 Questions to Ask About Your Vendor Risk Program

VendorCloud

Risk consulting firm Proviti recently highlighted questions a company should ask itself to determine if its risk management program was on track. Several stand out as being very relevant to establishing a vendor risk program that actually works.

The main focus of each is on moving beyond vague long-term goals and instead focusing on achievable objectives and accountability. Whether you are establishing a vendor auditing program or a supplier financial screening initiative, the following questions are key in determining if your risk program is on track.

1. Does our risk profile reflect the risks we face currently?

This seems like an obvious question but one which is easy to lose track of. Have the risks your organization faces increased or decreased over the last year? Clearly not all risks can be forecasted, but at the very least a comparison should be made between known risk exposure along with an honest assessment of whether you are better prepared to deal with them now versus one year ago. For example, by analyzing how many of your vendors are compliant with your terms and conditions today vs one year ago, you gain a sense of whether your overall vendor risk management approach is moving in the right or wrong direction.

2. Are directors and executive management on the same page in terms of risk appetite?

There must be a cohesive vision in place to work towards in executing a winning risk program. One approach is replacing overly vague company mission statements regarding risk with more granular, achievable objectives, and then revisit those objectives in 6 months to ask whether real progress is being made. Stagnation in executing a risk program often stems from setting overly lofty goals at the outset, and then having directors or operations managers not focusing on the same barometers of success over time, leaving nobody ultimately accountable.

To do this there must be accountability. Companies that succeed in executing a risk program usually find ways to eliminate redundant oversight of the program. Does a single person in your company have responsibility for owning a particular problem or program and reporting on its progress? As Proviti reports in their findings, the more institutional overlap an organization has with multiple people or departments sharing responsibility for the execution of a risk program and reporting on its success, the less likely that program is to succeed.

3. Is our risk culture encouraging the right behaviors? 

This is key. If you go to the trouble of auditing every single vendor who works on site at a facility, requiring them to submit updated COIs, endorsements, etc., that means nothing if nobody checks that info at the gate and lets them in regardless. Vendor standards for risk compliance must be enforced, otherwise it becomes very hard to continue enforcing standards, especially in today’s environment of fast traveling information where a non-essential exemption for one vendor can quickly lead to other vendors requesting similar exemptions.

The key to a comprehensive risk management program must include ensuring vendors are safe, compliant, insured and financially stable. This is critical to minimizing potential loss. If your vendor risk management program cannot satisfy the above 3 questions, now is the time to evaluate what needs to change.

Business Credentialing Services can help you analyze whether your risk program is passing or failing the above three questions.

US Companies are terrified of Reputational Risk, but Too Afraid to Do Anything About It

In its annual board of directors risk survey report, EisnerAmpner found a surprising disconnect among risk managers at publicly traded companies in the US.

Aside from financial risk, the top risk area companies are most concerned with is risk to reputation, far ahead of other top responses.

Screen Shot 2014-09-17 at 3.36.16 PM

However, despite so many companies being worried about reputational risk, the survey found that nearly 30% of companies were doing nothing to address the concern, despite many respondents also stating that implementing a risk program fell under their purview at their respective company.

One of the main reasons for the disconnect between companies worried about risk to reputation and a willingness to act on the risk is that many board members are unfamiliar with cybersecurity and social media, two large vectors of reputational risk. Because of their unfamiliarity, they are apprehensive to engage resources or spend time or money to address a risk that they may not fully understand.

This tension has the end result of companies operating with large gaps in their risk programs. Companies want to address reputational risk and cyber security, but lack of familiarity makes it easy to put off for yet another year.  As a result, less than 40% of the survey respondent publicly traded companies even have a fully implemented risk management program in place. Companies end up operating in a permanent quicksand of risk preparedness, a knowledge that something needs to be done to get out of the mess, but afraid to move in the wrong direction out of fear of sinking further.

This unfortunately misses a broad point of risk planning, which is that risk is interconnected. Whether it is risk to reputation, cyber security, supply chain, or vendors; a proactive and thoughtful risk program is preferable to none.

Contractor Focus – Florida Workers’ Comp Statute Declared Unconstitutional

Screen Shot 2014-08-22 at 11.31.06 AM

A court in Miami-Dade County, Florida found Section 440.11 of Florida’s Workers’ Compensation Act unconstitutional, ruling that it does not provide adequate medical care for injured workers or dollars to replace lost wages. Section 440.11 makes the Act the “exclusive” remedy available to injured Florida workers and their families for injuries or death incurred on the job.

 The court held that under US Supreme Court precedent, workers’ comp benefits must be “significant” if they are the only remedy available to the worker. Additionally, under a Florida Supreme Court ruling, Florida workers have a “fundamental right” to workers’ compensation benefits, meaning that statutes which impinge or discriminate on those benefits are subject to strict scrutiny under the 14th Amendment equal protection and due process clauses. In other words, because the Florida Constitution says workers’ comp benefits are a fundamental right, the legislature is not allowed to tinker with those rights without strict scrutiny and review from the courts.

The court reasoned that in 1968 when Florida enacted the Workers’ Comp act, making it the exclusive remedy for workers and their families, the act provided a total of 12 years possible benefits available to injured workers or deceased workers’ estates. However by 2003 that had been reduced to only 2 years worth of total possible benefits, along with some other impairment benefits available through the State and little else.

The court held that the 2003 law last modifying the Workers’ Compensation Act was unconstitutional as an exclusive remedy because it “is no longer an adequate exclusive replacement remedy in place of common law tort as required by the 14th Amendment to the U. S. Constitution or by the Florida Constitution.” 

The decision will likely be appealed, but has immediate short-term impact for employers and additional insureds currently operating in Florida.

Tracy Morgan Sues Wal-Mart for Negligence after Car Accident

Retailer Wal-mart is being sued by actor and comedian Tracy Morgan for negligence after the actor was seriously injured in an auto accident on June 7th, after a Wal-Mart truck struck the vehicle the actor and several others were passengers in.

In the civil complaint, lawyers for Mr. Morgan allege that Wal-Mart was negligent for, among other things, not factoring in their driver’s commute times to and from work in assiging routes for Wal-Mart drivers, with the result being sleep deprived drivers, and Wal-Mart possibly in violation of laws regulating how long commercial truckers may be behind the wheel.

Screen Shot 2014-07-31 at 3.18.17 PM

The driver, Kevin Roper, began his shift after a 700-mile commute from his home to a Wal-Mart facility.

The lawsuit, filed July 10 in U.S. District Court in Trenton, New Jersey. The case raises interesting issues of negligence on the part of companies that employ drivers and whether or not a driver’s commute to or from their home to work to begin a driving shift contributes in whole or in part to the negligence of a driver. 

 

You Could Face Tort Liability For Your Independent Contracts

Ind Contractors Header

Companies typically assume they will not be held liable for tort claims arising from the work performed by independent contractors they hire. However, as tort law continues to change this is less and less true.

The general rule of non-liability of an employer for torts committed by independent contractors has been eroded to the point that some legal experts now argue that “the rule is now primarily important as a preamble to the catalog of exceptions.” 41 Am. Jur. 2d Independent Contractors § 27

The Restatement of Torts has gone so far as to say that the many exceptions have eroded the “general rule” to the point that the rule can now be said to be “general” only in the sense that it is applied where no good reason is found for departing from it. (REST 2d TORTS § 409). In other words, just because you hire an independent contractor does not mean you should assume you will not be held liable for the work they perform.

The reality is that corporations face many liability issues when dealing with independent contractors and suppliers. Inserting boilerplate waiver-of-liability language and indemnification clauses in an independent contractor’s contract is no guarantee that the hiring party will not be held liable for contribution in tort actions filed by third parties against the independent contractor, or in actions filed by an injured third party directly against the company who hired the independent contractor.

The general rule regarding independent contractors states that a person who hires an independent contractor cannot be held vicariously liable for the wrongdoing of the independent contractor. (NYPRAC-TORTS § 9:17). Because the work they perform is independent from your supervision or direction, and the contractor is not your employee, the general rule is that you cannot be held liable for their actions. However, there are exceptions to this rule.

Under the legal doctrine respondeat superior, an employer is liable for the tortious acts committed by employees and agents ‘that are committed within the scope of their employment.’ (Black’s Law Dictionary, 8 Ed., 2004).

An employee is acting within the scope of her employment for purposes of respondeat superior liability if her tortious act that gave rise to a claim was “reasonably foreseeable” by the employer / hiring party. Bussard v. Minimed, 129 Cal. Rptr. 2d 675 (Ct. App. 2003). The question then becomes, is this person who committed this tort an employee of the company that hired them, or merely an independent contractor.

The primary basis for determining whether someone is an employee or independent contractor for purposes of attaching vicarious liability to the employer is whether the employer has the right to control the manner in which the employee performs their job. Id. So, even if a company hires what it thinks is an independent contractor, the reality is that if the hiring party can control and direct the work being done by the contractor to a certain level, then that person no longer is an independent contractor and instead will be treated as an employee of the hiring company.

Even if company X hires contractor Y to perform a job and disclaims liability in the employment contract, the court may disregard the label ‘independent contractor,’ and could assign liability to the hiring party under Respondeat superior if the hiring party has the right to control the manner in which the contractor performs their job.

Assuming the contracting party does not retain the right to control the manner in which the independent contractor performs their job, there are still three broad exceptions to the non-liability rule which may still lead a court to decide that the contractor is actually an employee of the hiring party, and thus the company is liable for the claims arising from the contractor’s work.

If a hiring party falls within one of these three broad exceptions, they will in some circumstances be liable for the torts of their independent contractor, even if they did not control the manner in which the contractor performed their job. (REST 2d TORTS § 409).

 [1] If the employer is negligent in selecting, instructing, or supervising the contractor, they may be liable for torts committed by the contractor. Id.

In a Wyoming case involving this first exception, an oil company hired an independent contractor to repair a well. An employee of the independent contractor was injured while working on the well, and brought a negligence action against the oil well owner. The trial court and appellate court both agreed that the oil company was liable for the injuries sustained by the employee of the independent contractor.

The appellate court found that “by directing… the manner of the independent contractor’s performance, defendant (oil company) abandoned the protection of the “independent contractor” rule… and owed plaintiff a duty of reasonable care.” Natural Gas Processing Co. v. Hull, 886 P.2d 1181. Despite having a contractual relationship with the contractor limiting liability, because the oil company directed the manner in which the contractor performed it’s work, the oil company fell outside of the safe harbor of tort immunity, and the court decided the contractor was actually the employee of the hiring company.

Similarly, in a Utah case involving an employee of an independent contractor hired to build a an LDS church building, the court had to determine whether the LDS Church had fallen within the first exception to independent contractor tort liability, by directing the explicit manner in which the contractor performed their work. During construction of a church building, a wall fell on a worker employed by the independent contractor, killing him. His estate filed suit, naming the hiring-party church as defendant. In examining the hiring party’s liability, the court examined the doctrine of retained-control, which states that if the hiring party retains an active participation in an injury-causing activity’s method or operative detail, the hiring party would be liable for torts committed by the independent contractor. Thompson v. Jess, 979 P.2d 322.

 [2] Employer has a non-delegable duty, arising out of some obligation to the public. (REST 2d TORTS § 409).

 Courts may also decide a contractor is actually an employee if the work being performed by the contractor is a type of work which the hiring party has a duty to the community to be ultimately responsible for the safe completion of. In a Texas case, an independent contractor repairman was injured when fixing a cement truck tire. The appellate court affirmed the trial court’s finding that the company who owned the truck was liable to the repairman, despite his independent contractor status. The appellate court held that “under the circumstances of this case, defendant owed plaintiff a duty of care, even though plaintiff was an independent contractor, since defendant was in the better position to identify, minimize, and administer the risks involved.” Alamo Lumber Co. v. Pena, 972 S.W.2d 800, 805. The court held that under the second exception, public policy dictates that there are certain non-delegable duties of safety and care that a party cannot simply externalize to other injured parties via indemnity clauses. To allow so would open the floodgates of negligent behavior by allowing companies to hide behind indemnity clauses and pass on the costs of injury to others.

[3] Inherently Dangerous Activity

 And finally, if the work being done by the contractor is inherently dangerous, for public policy reasons a company in some cases cannot simply absolve itself of liability for that work by passing it onto a contractor. In a Michigan case, an independent contractor was hired by landowners to fell timber on the landowner’s property. An employee of the independent contractor was injured when a felled tree crushed his leg. The employee named the property owners in the negligence suit, claiming tree logging was an inherently dangerous activity, and as such, was an exception to the no liability rule for independent contractor employees. The trial court granted summary judgment against plaintiff, but the appellate court reversed, holding that logging could be an inherently dangerous activity. DeShambo v. Nielsen, 471 Mich. 27, 684 N.W.2d 332 Mich., 2004.

The Michigan Supreme Court decided that for purposes of this exception, work is inherently dangerous “If the thing to be done is in itself unlawful, or if it is per se a nuisance, or if it cannot be done without doing damage…” Rogers v. Parker, 159 Mich. 278, 123 N.W. 1109 (1909).

Generally speaking, then, if the work cannot be done without doing some kind of damage or committing some kind of nuisance, such as controlled detonations, leveling buildings in a crowded city, etc., then the work is inherently dangerous, and the person who hires an independent contractor to perform the work is as much liable for damages caused by the work to third persons as is the independent contractor. Rogers, 159 Mich. 278.

These kinds of exceptions to the rule of non-liability for companies that hire independent contractors are real, and are happening more and more often. It is more important than ever that companies know with certainty that the contractors they hire are safe, licensed, insured and financially stable. The time to verify whether you are working with reliable, insured contractors is before contracting with them, not after a claim arises.

 

http://www.businesscredentialingservices.com/

Don’t Get Bitten by a Self-Insured Retention Hiding in a General Liability Policy

Screen Shot 2014-07-22 at 4.15.49 PM

When a company requires a vendor to name them as additional insured on a commercial general liability (“CGL”) policy, it is assumed the additional insured party will be covered in the event of a claim. But when the policy is subject to a self-insured retention, it is less clear whether the additional insured party will be protected in the event of a claim.

In recent years courts are facing a tough question. Does the term “commercial general liability insurance” imply that the CGL policy is also primary and non-contributory over insurance carried by the additional insured party? In other words, when a company asks their broker to acquire a CGL policy, does it imply a reasonable assumption that what is being requested is a CGL policy that is also primary and non-contributory to other available insurance.

If the CGL policy is subject to a self-insured retention where the named insured would have to cover a certain amount of a claim before the CGL policy kicked in, it makes it unlikely the additional insured party would be covered under most tort claims likely to arise, thus defeating the purpose of being named an additional insured under the policy.

In a growing number of cases, an additional insured certificate holder who relied on a named insured’s CGL policy for additional insured status learned after a claim surfaced that the policy was subject to a self-insured retention which operated to the additional insured’s detriment.

In one recent case(1) an additional insured party learned that the named insured’s $1 million CGL per occurrence policy was first subject to a self-insured retention of $2 million.

The facts of the case are not unusual. Pac-Van leased a work trailer to CHS. An employee of CHS was injured in the trailer and sued Pac-Van, who then demanded CHS defend Pac-Van per their agreement. CHS had named Pac-Van as additional insured, but CHS’ $1 million CGL coverage was first subject to a $2 million self insured retention, making the policy excess and not primary coverage. Pac-Van sued claiming that CHS breached their agreement by not purchasing explicitly primary insurance which would cover Pac-Van before the self insured retention had to be exhausted. CHS defended by arguing that their contract did not specifically say that it had to purchase “primary” CGL coverage. The court disagreed, and decided that the general understanding of the term “commercial general liability insurance” means “primary coverage.” The court held that Pac-Van did have a reasonable expectation that when they required CHS to name Pac-Van as additional insured on the CGL policy, it was implied that the coverage should be primary, and not subject first to a self-insured retention which effectively blocked Pac-Van from receiving any coverage under most conceivable claims which could arise under their agreement.

While the court decided that Pac-Van had a reasonable expectation that additional insured status under a CGL policy implies primary coverage, Pac-Van had to go through a long and costly litigation process all because of a self-insured retention which was not known about prior to a claim.

Certificate holders used to insist that additional insured endorsements accompany certificates. The same insistence should now be made that a certificate of insurance show the existence of a self-insured retention on a general liability policy. While the standard ISO ACORD forms for general liability do not have a specific checkbox to indicate the presence of a self-insured retention, in most instances an insurance broker should be able to clearly indicate on the certificate if the policy is subject to a self-insured retention, or at the least communicate in writing whether or not the policy is subject to such a restriction.

As with many other coverage issues, it is far better to investigate coverage at the beginning of a contract relationship by scrutinizing policies and certificates than waiting until after a claim arises. A comprehensive vendor insurance certificate tracking risk management program needs to screen for self-insured retentions on CGL policies, and know how that affects coverage for the additional insured party.

 

 

(1) PAC-VAN, Inc., v. CHS, Inc.

Stop Reacting to Risk and Get Creative With Your Vendor Financial Screening

Working with only safe, reliable vendors is always a goal for any risk manager. However, In Deloitte’s supply chain risk report, The Ripple Effect, they uncovered a surprising statistic about supply chain risk programs. Risk managers at half of the companies with active supply chain risk programs said that their own company’s risk program is probably not very effective at dealing with supply chain risk.

Effectively screening vendors ahead of awarding a contract not only means ensuring they are properly insured and licensed, it also means screening them for financial red flags and likelihood of the vendor suffering supply chain interruption due to bankruptcy, litigation, or cash flow problems.

Supply chain related bankruptcies are still high and can be sudden. Although only 44,111 US businesses filed for bankruptcy in 2013, a decline from the height of the financial crises, experts believe many more businesses probably should seek chapter 11 filing protection, but do not because of the stigma associated with doing business with a company going through chapter 11 restructuring. As a result, many vendors may be perilously close to shutting their doors and causing a supply chain interruption for clients, without presenting obvious warning signs.

The reason supply chain risk programs are not always effective is because many of the top cited strategies companies use to mitigate risk are reactive, not precautionary.

Screen Shot 2014-07-10 at 10.48.37 AM

It is important to financially screen vendors to ensure you do not award a contract to or rely on a supplier that is in poor financial health. For privately held companies this can be difficult, since those vendors are understandably reluctant to reveal private financial information about their company.

For privately held companies where financial information is difficult to obtain, BCS has a solution that can turn your reactive supply chain risk program into a proactive strategy that works.

BCS has developed a proprietary and unobtrusive survey that asks privately held vendors to simply provide financial ratios that permit comparison to accepted industry values, without requiring them to reveal detailed sensitive financial information.

BCS then collaborates with our clients to develop and utilize a scoring tool for their supply chain vendors. Vendors provide ratios which are then processed into a composite score, which is derived from a weighted summation of various financial data points collected and compared.

The vendor’s financial viability score is presented to our client in a simple, easy to understand report, allowing them to retain a good relationship with their vendors while ensuring they continue to only work with financially healthy vendors.

Follow

Get every new post delivered to your Inbox.