Average Individual Mandate Penalty Rising To $969 Per Household, Analysis Finds.

New analysis from the Henry J. Kaiser Family Foundation has found that Americans going into the New Year without purchasing health insurance or filing exemptions will be paying higher tax penalties than in previous years under the Affordable Care Act (ACA).

Starting in 2014, Americans filing their federal tax returns for the year were required to report whether they had health coverage or were exempt. As outlined by the ACA’s Individual Mandate, those who had not attained coverage, or filed for an exemption, paid a tax penalty fee of either 1 percent of their yearly income, capped at a maximum of the average price of an ACA Marketplace Bronze plan, or $95 per person ($47.50 per child under 18), limited to a family maximum of $285.

As the Individual Mandate is being phased in over a three-year period, the penalties have seen a steady increase. For anyone remaining uninsured in 2016, the penalty (to be paid out at tax time in 2017) will be much steeper than previous fees, as shown in the figure below:ACA Individual Mandate - Infographic

The Kaiser analysis estimates that individuals who were uninsured during the beginning of 2015 and eligible to enroll in the marketplace, the average household penalty in 2016 is $969, a 47% rise from 2015’s average estimated penalty of $661. Those who qualify for subsidized premiums will be subject to an average household penalty of $738 in 2016 and the average household penalty for uninsured individuals not eligible for any financial assistance is estimated to be $1,450.

According to the Kaiser analysis, just over 3 million uninsured Americans are eligible for healthcare at lower prices than what they would pay in penalties, or for free after subsidies. However, that leaves approximately 7 million people weighing their options, as the tax penalty fine could be more cost-effective for many than purchasing the least expensive insurance plan available.

The analysis goes on to say “a key area of uncertainty for 2016 is how much the increased penalties will encourage uninsured people – particularly those who are healthy – to obtain coverage”.  The ACA relies heavily on bringing healthy people into the risk pool; more people means lower premiums and increased subsidies for many, keeping the marketplace sustainable.

Open enrollment for 2016 health plans began November 1st and will last until the end of January 2016. In the last few weeks, the Obama administration has been endeavoring to publicize the increasing fines to the millions who remain without coverage. Mr. Kevin Counihan, the Chief Executive of the Federal Insurance Marketplace, wrote in a recent blog post that “A Special Enrollment Period around the April 15 tax filing deadline” will not be offered in 2016 like it was in previous years.

Please contact our fine Professional Agents and Underwriters here at Morris & Reynolds Insurance with any questions you have about these penalties, coverage options, or anything else you might need at (305) 238-1000.

As always, thank you for allowing us to provide your protection.

Know Your Insurance: Individual Mandate
thumb

Know Your Benefits: Individual Mandate Penalties
thumb

ACA Requirement to Buy Coverage: Flowchart

thumb

Florida Workers’ Compensation Rates Will Decrease Again in 2016

Good News! I am pleased to advise that the Florida Office of Insurance Regulation (OIR) has approved an overall decrease of 4.7% to workers’ compensation rates for new and renewal workers’ compensation policies issued in Florida on or after January 1, 2016. This is the second consecutive rate decrease in Florida.

The 4.7% decrease is an average over all workers’ compensation class codes. Individual class codes may decrease more or less than this amount. The average rate change for the five major industry groups are as follows:

INDUSTRY GROUP
AVERAGE DECREASE
Manufacturing
-7.5%
Contracting
-1.8%
Office & Clerical
-7.8%
Goods & Services
-4.4%
Miscellaneous
-4.6%

Please note: Although NCCI proposed a reduction in the Expense Constant (flat per-policy fee that is charged for every policy), OIR did not approve this change, so the Expense Constant will stay at $200. In addition to the class codes rate changes, OIR has approved an increase in the annual payroll amount used to determine premium for partners and sole proprietors. This amount is increasing by $800, from $43,000 to $43,800.

If you have any questions about your specific coverage or class codes, or anything else for that matter, please contact your Morris & Reynolds Underwriter or Agent and we will be happy to help you. As always, for the honor of providing your protection, thank you.

Consumer Reports and the Fair Credit Reporting Act

Consider the following situations that you may encounter in your hiring and promotion activities:

  • Your advertisement for cashiers nets 100 applications. You want credit reports on each applicant. You plan to eliminate those with poor credit histories. What are your obligations?
  • You are considering a number of your long-term employees for major promotions. Can you check their consumer reports to ensure that only responsible individuals are considered?
  • A job candidate has authorized you to obtain a credit report. The applicant has a poor credit history. Although the credit history is considered a negative factor, it’s the applicant’s lack of relevant experience that’s more important to you. You turn down the application. What procedures must you follow?

As an employer, you may use consumer reports when you hire new employees and when you evaluate employees for promotion, reassignment and retention— as long as you comply with the Fair Credit Reporting Act (FCRA). The FCRA is designed primarily to protect the privacy of consumer report information and to guarantee that the information supplied by consumer reporting agencies is as accurate as possible. The Consumer Financial Protection Bureau is the federal agency responsible for enforcing the FCRA.

Consumer reports are a valuable resource for making hiring and other employment decisions, but employers have regulations they are required to follow.

Employers who use consumer reports must ensure that individuals are aware that consumer reports may be used for employment purposes and agree to such use, and individuals are notified promptly if information in a consumer report may result in a negative employment decision.

Employers should also review state laws related to consumer reports. Some states restrict the use of consumer reports for employment purposes.

What is a Consumer Report?
A consumer report contains information about an individual’s personal and credit characteristics, character, general reputation and lifestyle. To be covered by the FCRA, a report must be prepared by a legitimate consumer reporting agency (CRA). Employers often do background checks on applicants and get consumer reports during their employment. Some employers only want an applicant’s or employee’s credit payment records, others want driving records and criminal histories. For sensitive positions, it’s not unusual for employers to order investigative consumer reports— reports that include interviews with an applicant’s or employee’s friends, neighbors and associates. Credit background, references, past employment, social security, work habits, education, drug testing, judgments and liens, sex offender lists, criminal backgrounds, driving records, and military records are all consumer reports if they are obtained from a CRA.

Applicants are often asked to give references. Whether verifying such references is covered by the FCRA depends on who does the verification. A reference verified by the employer is not covered by the FCRA; a reference verified by an employment or reference checking agency (or other CRA) is covered. Section 603(o) of the FCRA provides special procedures for reference checking; otherwise, checking references may constitute an investigative consumer report subject to additional FCRA requirements.

Key Provisions of the FCRA
The FCRA includes several key provisions concerning the use of consumer reports.

Employee notice and authorization: Before you can get a consumer report for employment purposes, you must notify the individual in writing—in a document consisting solely of this notice—that a report may be used.

Employers also must get the individual’s written authorization before asking a CRA for the report, and special procedures apply to the trucking industry. If you are requesting medical information, the individual’s authorization must specifically state his or her consent to release such information.

When requesting a credit report from a CRA, you must certify that you will inform the individual of his or her rights under the FCRA and agree not to use the information in violation of state or federal employment laws.

Action based upon credit information: When you receive a credit report from a CRA, you are not required to release the report to the employee unless the report prompts you to make an “adverse action”—denying a job application, reassigning or terminating an employee, denying a promotion or access to company benefits, or other discipline. Before you take the adverse action, you must first give the individual a disclosure that includes a copy of the individual’s consumer report and a copy of “A Summary of Your Rights Under the Fair Credit Reporting Act”—a document prescribed by the Consumer Financial Protection Bureau. This document is available at the Federal Trade Commission’s (FTC) website, www.consumer.ftc.gov. The CRA that furnishes the individual’s report will give you the summary of consumer rights.

After you’ve taken an adverse action, employers must give the individual notice—orally, in writing or electronically—that the action has been taken in an adverse action notice. The notice must contain the following information:

  • The name, address and phone number of the CRA that supplied the report.
  • A statement that the CRA that supplied the report did not make the decision to take the adverse action and cannot give specific reasons for it.
  • A notice of the individual’s right to dispute the accuracy or completeness of any information the agency furnished.

Before giving you an individual’s consumer report, the CRA will require you to certify that you are in compliance with the FCRA and that you will not misuse any information in the report in violation of federal or state equal employment opportunity laws or regulations.

An individual can request a copy of his or her credit report from the consumer reporting agency within 60 days of any adverse employment action based on the report at no cost. Employers should notify individuals of their rights to dispute the information contained in the credit report. CRAs must reinvestigate the accuracy of the disputed information within 30 days of the dispute without cost to the individual. If an applicant or employee notifies the employer that he or she is challenging information in the report, the employer should not make a final decision on the employment status of the applicant or employee until after that person has had a reasonable opportunity to address the information contained in the report. Employers must also make sure that they properly dispose of all “consumer information” obtained from consumer reports.

Investigative Reports: Employers who use “investigative reports”—reports based on personal interviews concerning a person’s character, general reputation, personal characteristics and lifestyle—have additional obligations under the FCRA. These obligations include giving written notice that the employer may request or have requested an investigative consumer report, and giving a statement that the person has a right to request additional disclosures and a summary of the scope and substance of the report.

In Practice
Here is information on how to apply these general requirements to the examples listed in the introduction of this article:

  • Your advertisement for cashiers nets 100 applications. You want credit reports on each applicant. You plan to eliminate those with poor credit histories. What are your obligations?
    • You can get credit reports—one type of consumer report—if you notify each applicant in writing that a credit report may be requested and if you receive the applicant’s written consent. Before you reject an applicant based on credit report information, you must make a pre-adverse action disclosure that includes a copy of the credit report and the summary of consumer rights under the FCRA. Once you’ve rejected an applicant, you must provide an adverse action notice if credit report information affected your decision.
  • You are considering a number of your long-term employees for major promotions. Can you check their consumer reports to ensure that only responsible individuals are considered?
    • You cannot get consumer reports unless the employees have been notified that reports may be obtained and have given their written permission. If the employees gave you written permission in the past, you need only make sure that the employees receive or have received a “separate document” notice that reports may be obtained during the course of their employment—no more notice or permission is required.
    • If your employees have not received notice or given you permission, you must notify the employees and get their written permission before you get their reports. In each case where information in the report influences your decision to deny promotion, you must provide the employee with a pre-adverse action disclosure. The employee also must receive an adverse action notice once you have selected another individual for the job.
  • A job candidate has authorized you to obtain a credit report. The applicant has a poor credit history. Although the credit history is considered a negative factor, it’s the applicant’s lack of relevant experience that’s more important to you. You turn down the application. What procedures must you follow?
    • In any case where information in a consumer report is a factor in your decision—even if the report information is not a major consideration —you must follow the procedures mandated by the FCRA. In this case, you would be required to provide the applicant a pre-adverse action disclosure before you reject his or her application. When you formally reject the applicant, you would be required to provide an adverse action notice.

Noncompliance
There are legal consequences for employers who fail to get an applicant’s permission before requesting a consumer report or who fail to provide pre-adverse action disclosures and adverse action notices to unsuccessful job applicants. The FCRA allows individuals to sue employers for damages in federal court. A person who successfully sues is entitled to recover court costs and reasonable legal fees. The law also allows individuals to seek punitive damages for deliberate violations. In addition, the FTC, other federal agencies and individual states may sue employers for noncompliance and obtain civil penalties.

More Information
For more information on the FCRA, or if you have any other questions concerning compliance, contact the experts at Morris & Reynolds Insurance.

Data Breaches: A Growing D&O Concern

A data breach can be a devastating event, affecting a company financially and damaging its reputation with customers. But as a director or officer at your company, you face litigation risks based on the decisions you make following a breach and on how you influence cyber security policies, as these are often considered board-level issues.

If a suit is filed against you after a data breach occurs, based on your position as a board member, you will not be protected by your commercial general liability policy or your cyber liability policy. Your best source of protection is from your directors and officers (D&O) policy, as long as your policy is tailored to include protection after a data breach.

Data Breach Threats
The biggest threat from a data breach is loss of information, whether it is information regarding your company’s finances or the personal identification information of your customers, such as Social Security numbers or credit card information.

Losing sensitive information belonging to your customers or company can have a devastating effect on your reputation. If the credit card information of your customers is stolen, your customers would need to cancel their cards and get new ones—an inconvenient process and one that can damage your company’s image in the eyes of customers.

Data Breach Response
Following a data breach, you may be legally required to notify certain people about it. For example, if your company is publicly traded, guidelines issued by the Securities and Exchange Commission (SEC) say you must report cyber security incidents to stockholders. The cost of notification after a breach is generally covered by a cyber liability policy. And depending on the number of people you need to notify, the cost can be quite high.

Notification should be taken very seriously, as the way a company responds to a data breach can lead to exposure and legal action beyond lawsuits from customers—the company could be subject to regulatory action from the Federal Trade Commission or the SEC.

Data Breaches and D&O Coverage
Insufficient cyber security that leaves your company vulnerable to a data breach can be seen by your customers or shareholders as negligence or a breach of duty. Your customers and shareholders may seek to hold you responsible for the damage, as the board is responsible for making decisions on behalf of the company. Because of this, you need protection in the form of a D&O policy.

In past legal cases following a data breach, directors and officers have been accused of:

  •  Failing to take reasonable steps to protect customers’ personal and financial information
  • Failing to implement controls to detect and prevent a data breach
  • Failing to report a breach in a timely manner

A cyber liability policy would not offer the legal protection needed by directors and officers after a data breach, whereas a D&O policy can.

A D&O policy provides coverage for a “wrongful act,” such as an actual or alleged error, omission, misleading statement, act of neglect or breach of duty.

Cyber Security Is Vital
A company’s directors and officers are expected to be involved in and knowledgeable about the company’s cyber security. It’s rapidly becoming a vital aspect of responsible business management and customer service.

The following are some techniques to improve the cyber security of your company:

  • Install a firewall—Companies with five or more computers should consider buying a network firewall to protect the network from being hacked.
  • Install security software—Anti-virus, anti-malware and anti-spyware should be installed on every computer in the network. All software should be up-to-date.
  • Encrypt data—All data, whether stored on a tablet, flash drive or laptop, should be encrypted.
  • Use a virtual private network (VPN)—A VPN allows employees to connect to the company’s network remotely without the need of a remote-access server. VPNs use advanced encryption and authentication protocols, providing a high level of security for your network.
  • Develop a data breach plan—Have a plan in place so when, not if, you experience a data breach, you can act quickly and minimize your loss.

Data Breach Risks Without D&O Insurance
After a data breach, claims from shareholders and customers will most likely be made. Since you can be held personally responsible for the acts of the company as a board member, your plans and decisions need to be protected.

Without D&O coverage, your personal assets are at stake and could be forfeited to cover legal costs. You can protect yourself with a D&O insurance policy. Talk to your insurer about this type of coverage and be sure your policy is tailored to cover any gaps.

The Credit Card Liability Shift – What Merchants Need to Know

EMV is the acronym for Europay, Mastercard and Visa—the three credit card companies responsible for pioneering a new credit card technology in the 1990s. Though they were the first innovators, since then, all major credit card companies have adopted the technology, which has been in widespread use in Europe and elsewhere in the world for several years. On Oct. 1, 2015, that same standard will come to the United States as credit card companies enact the “EMV liability shift.”

In the simplest terms, this means that the cost of fraudulent charges on certain kinds of credit and debit card transactions will be determined solely by the technology used in the transaction. Whoever has the least EMV-compliant technology—either the merchant processing the transaction or the card issuer—will be liable for the costs of the fraudulent charge.

Such a shift could have huge financial implications for businesses, especially since card issuers have typically borne the bulk of fraud liability. To minimize the impact of this shift on your business, it’s important to understand what EMV is, why it’s being adopted as the new standard and what the new technology will and won’t do in terms of minimizing risk.

Understanding the New Technology
credit-card-frontEMV replaces the old standard of encoding cardholder information—the magnetic stripe on the back of the card—with a microprocessor chip that’s embedded within the card. Customers then punch in a personal identification number (PIN), much like a debit card, or sign for the transaction in the same way customers currently do with magnetic stripe cards.

Whoever has the least EMV-compliant technology—either the merchant processing the transaction or the card issuer—will be liable for the costs of the fraudulent charge.

EMV cards offer major security benefits. Specifically, in contrast to their magnetic stripe counterparts, EMV chip cards are almost impossible to clone. On magnetic stripe cards, thieves can steal cardholder information using a device called a “skimmer.” On EMV chip cards, cardholder information is stored in a microprocessor that generates a unique signature for every transaction, effectively “communicating” its authenticity every time it’s scanned. In fact, in countries that have adopted the EMV standard, the use of counterfeit cards has dropped nearly to zero.

EMV Migration – What Businesses Need to Do
There are certain steps a business will have to take in order to become EMV compliant. These can take time, so starting as soon as possible is the best strategy.

  • Examine Hardware: Some businesses that have upgraded point-of-sale (POS) card readers in the past few years might find them capable of reading EMV cards. Many businesses, however, will have to upgrade their existing hardware.
  • Consult With Third Parties: Businesses should contact their merchant acquirers, payment processors and independent software vendors. These third parties can help by offering specific recommendations and solutions that fit with each individual business’s needs.
  • Purchase and Certify New Hardware: The merchant acquirer or payment processor should be able to tell a business what certification, if any, that business might need.
    • Often, if the card reader isn’t heavily customized, the acquirer or processor may have already taken care of certification.
    • If, however, the card reader is highly integrated into the business’s POS, that business might need to obtain proper certifications. In some cases, the same policy can cover multiple events.
    • Certification takes time. Level 3 certification, for instance, can take anywhere from a couple of weeks to several months.
  • Decide on Chip-and-PIN or Chip-and-signature: Businesses should also consider whether the terminals they purchase can handle chip-and-PIN transactions or only chip-and signature transactions. At the moment, most card companies are issuing chip-and-signature cards. However, it’s likely that chip-and-PIN will be the standard in a few years. Rather than update hardware twice, it might make sense to make that investment now.
  • Implement Internal Training: EMV cards are processed a bit differently than magnetic stripe cards, so it’s important that employees understand the differences:
    • The total amount of the transaction must be entered into the terminal before the card is inserted.
    • An EMV card must remain inserted in the terminal for the entire duration of the transaction.
  • Educate Customers: Most businesses will be far more knowledgeable on the new technology than their customers. Teaching employees how to instruct customers on using their new EMV cards will be essential in making the transition as smooth as possible.

Important Exclusions to EMV
The liability shift only applies to card-present, face-to-face transactions. Currently, there’s a separate liability shift, scheduled for October 2017, for ATM withdrawals and automated fuel dispensers.

Card-not-present (CNP) transactions won’t be affected by the liability shift. That means that even if a business has an EMV-compliant terminal, if the card information is manually entered, or if the transaction occurs on the internet, the business will usually be responsible for the costs associated with a fraudulent transaction.

It’s also worth noting that many EMV cards will also have a magnetic stripe in addition to the chip. If a business uses the stripe to read the card rather than use the chip, it will assume liability, regardless of whether the terminal is EMV compliant or not.

Putting it All Together
EMV is a technology designed to reduce losses and should be thought of as another piece of your business’s overall security strategy. For more information on how to assess and mitigate your business’s risks, contact your professional agents and underwriters here at Morris & Reynolds Insurance today.