The Uninsured Contract: A New Framework for Managing MPO Liability

Introduction: The Broken Contract and the Billion-Dollar Detour

Early in my career as a junior city planner, I was swept up in the collective optimism for our region’s future.

The centerpiece of this vision was a light rail line, a gleaming steel artery designed to connect our burgeoning suburban communities with the economic heart of the central city.

It was more than just a project; it was a promise.

It was the crown jewel of our Metropolitan Planning Organization’s (MPO) 20-year Long-Range Transportation Plan (LRTP), a document that represented years of collaboration, public meetings, and technical analysis.

We believed we were building the future.

Years later, I watched that future collapse.

The project, once a symbol of regional unity, became a source of bitter recrimination.

The fatal blow came not from a political squabble or an engineering flaw, but from a quiet, technical failure deep within the MPO’s planning documents.

The revenue forecasts that underpinned the entire financial plan—the federally mandated “fiscal constraint” that gives these plans their legitimacy ¹—were revealed to be wildly, catastrophically optimistic.

Federal funding was rescinded, lawsuits flew between the member cities who felt betrayed, and our region was left with a multi-billion-dollar detour to nowhere.

The promise was broken.

For years, I struggled to understand how this could happen.

I saw the MPO as a monolithic, if flawed, government body.

Its failure seemed like a simple, albeit massive, case of bureaucratic incompetence.

The true epiphany, the moment that reshaped my entire understanding of public administration and risk, came from a conversation with a software architect.

She was describing something called an Application Programming Interface (API) Contract.³

An API, she explained, isn’t a piece of software itself; it’s a formal agreement, a set of strict rules and protocols that defines how independent software systems must communicate and interact with each other.⁵

It’s a contract that ensures different programs, built by different teams, can work together reliably.

Suddenly, the MPO’s structure and its catastrophic failure snapped into focus.

An MPO isn’t a single “program” that builds things.

It is a living, breathing API Contract.

It is the federally mandated interface that dictates how dozens of independent, sovereign “systems”—cities, counties, states, and transit authorities—must cooperate to receive federal transportation funding.¹

The light rail disaster wasn’t a bug in a single program; it was a fundamental breach of the contract’s core terms.

The fiscal data was flawed, the “request” for funding was invalid, and the entire system crashed.

This report introduces this new paradigm—the MPO as an API Contract—to deconstruct the unique and poorly understood liability landscape these organizations face.

By reframing MPO governance, planning functions, and inter-jurisdictional relationships in the rigorous language of system architecture, we can move beyond vague notions of “political risk” and build a precise, actionable threat model.

This framework will expose the critical gaps in standard public entity insurance and provide a clear roadmap for MPO leaders to build truly resilient organizations, ensuring the promises they make to their communities are promises they can keep.

Section 1: The MPO as an API Contract: A New Paradigm for Regional Governance and Risk

The Federal-Aid Highway Act of 1962 created MPOs to solve a fundamental problem of governance: how to make independent local governments cooperate on regional transportation planning as a condition for receiving federal funds.¹

The solution was not to create a new layer of government that would build roads or run buses, but to establish a formal process for collective decision-making.

This process, known as the “3-C” process—Continuing, Cooperative, and Comprehensive—is the foundational protocol for all MPO activity.⁷

This structure is not analogous to a traditional government department; it is a perfect real-world implementation of an API Contract.

The Core Analogy Explained

In software development, an API enables two separate applications to talk to each other.

Your weather app (the “client”) makes a “request” to the weather bureau’s database (the “server”) via an API, and the API ensures the request and response follow a strict, predefined format so the communication is successful.⁴

The MPO functions in precisely the same Way.

• The “Interface”: The MPO itself is the interface. It is the neutral, federally mandated forum for cooperative decision-making.² It is not a “client” or a “server” but the essential gateway through which all regional transportation funding decisions must pass. Its purpose is to manage a fair and impartial setting for this process.¹
• The “Clients” and “Servers”: The “clients” are the numerous local governments, transit agencies, and other stakeholders within the metropolitan planning area.⁶ They make “requests” by proposing projects and advocating for their priorities. The “server” is the larger regional and national transportation system, which includes the State Department of Transportation (DOT) and federal funding bodies like the Federal Highway Administration (FHWA) and Federal Transit Administration (FTA). This “server” only processes “requests” (projects) that are correctly formatted and validated by the MPO “interface.”
• The “Contract” Terms: The API contract is the entire federally mandated transportation planning process. The “3-C” process is the foundational protocol that governs all interactions.⁹ The MPO’s key work products—its plans and programs—are the specific, legally binding components of this contract. They define the “endpoints” (what can be requested), the “data structures” (how requests must be formatted), and the “protocols” (the rules for interaction).¹¹
• “Authentication and Authorization”: The MPO’s governance structure serves as the critical authentication and authorization layer. The MPO Policy Board, typically composed of elected officials from member jurisdictions and representatives from transportation agencies, acts as the gatekeeper.² Its role is to authenticate the legitimacy of the “clients” (the member governments) and authorize their “requests” (projects) by ensuring they comply with all terms of the “contract”—that is, all federal and state planning requirements.⁸ Technical and Citizen Advisory Committees provide further layers of validation and review, ensuring the data and processes are sound.²

Viewing the MPO through this lens transforms how we analyze its risks.

Vague concepts like “governance risk” or “political disputes” become concrete, analyzable problems of system architecture.

Instead of merely acknowledging that MPOs face political pressures, we can adopt the rigorous methodology of API security analysis and ask precise, targeted questions.

Where are the weak authentication protocols in our board’s voting structure that could allow one powerful “client” to dominate the system?¹⁰ Are our data models for fiscal constraint—the “request body” for billions of dollars in funding—robust enough to prevent an injection of flawed data that could crash the system?¹³ What is the protocol for handling a “Broken Object Level Authorization” attempt, where one member jurisdiction tries to improperly influence a project outside its direct authority, a common risk in complex software systems?¹⁴

This paradigm shift is more than a clever metaphor.

It provides a unified, systems-thinking framework that connects the MPO’s technical work, its political governance, and its legal liabilities.

Traditional risk management for public entities often examines these areas in separate silos.

The API contract model reveals them to be deeply interconnected parts of a single, complex system.

A flaw in the technical “code” (a bad forecast) can exploit a weakness in the “authorization” protocol (a contentious board vote), leading to a catastrophic system failure (a collapsed project and a storm of litigation).

This integrated understanding is the essential first step toward identifying the MPO’s true liabilities and architecting an insurance and risk management program that can actually protect it.

Section 2: Deconstructing the MPO “Contract”: Core Functions and Mandated “Endpoints”

If the MPO is an API Contract, its core planning documents are the specific, legally binding “endpoints” that define its function.

These are not merely reports; they are the deliverables of the contract, the mechanisms through which member governments make requests and the federal government provides responses.

Federal law requires that any highway or transit project receiving federal funds must be included in these documents, making them the central nexus of power and liability for the MPO.¹

There are four primary “endpoints” that every MPO must establish and maintain.

The Long-Range Transportation Plan (LRTP/MTP): The Master Service Agreement

The Long-Range Transportation Plan (LRTP), sometimes called the Metropolitan Transportation Plan (MTP), is the foundational document of the MPO contract.

It is a comprehensive, multimodal plan that sets forth a 20- to 25-year vision for the region’s transportation system.¹

This is the “Master Service Agreement” that outlines the region’s shared goals, policies, and the universe of projects and strategies intended to achieve that vision.²

The single most critical “data field” within this agreement is fiscal constraint.

The LRTP is not a wish list.

Federal law mandates that it must include a financial plan that demonstrates how the proposed projects and programs can be implemented using existing and reasonably expected future revenues.²

This requirement is the bedrock of the plan’s credibility.

An MPO must demonstrate that its vision is financially achievable, and failure to do so can invalidate the entire plan and jeopardize federal funding for the region.¹⁸

The LRTP is typically updated every four to five years, requiring a constant process of re-evaluation and public involvement.¹⁵

The Transportation Improvement Program (TIP): The “POST Request” for Funding

If the LRTP is the long-term vision, the Transportation Improvement Program (TIP) is the short-term action plan.

The TIP is a four-year, fiscally constrained program of specific highway and transit projects that will receive federal funding.⁷

In API terms, the TIP is the primary “POST request” that a region sends to the federal government to secure funding for implementation.

A project cannot receive federal funds unless it is listed in the TIP.⁸

The TIP is where the aspirational goals of the LRTP meet the hard reality of limited resources.

It must be consistent with the LRTP, meaning it must advance the long-term vision, but it is also the arena where member jurisdictions compete for a finite pool of dollars.²⁰

The development of the TIP is a highly political and technical process, requiring the MPO to prioritize projects based on established criteria, public input, and, crucially, fiscal constraint.⁸

The MPO and the Governor must jointly approve the TIP, which is then incorporated into the Statewide Transportation Improvement Program (STIP).²

The relationship between the LRTP and the TIP is the primary source of contractual friction and liability for an MPO.

A member jurisdiction may see its prized project listed in the 20-year LRTP and view this as a binding promise from the MPO.

However, the LRTP is a plan, not a guarantee of funding.

When that project is not selected for inclusion in the much more competitive four-year TIP due to funding shortfalls, shifting regional priorities, or new data, the jurisdiction can feel the MPO has breached its “contract.” This perceived breach can easily escalate into a formal inter-jurisdictional dispute, with one member government potentially suing the MPO or its board members for failing to deliver on the plan’s promises.

This is not a simple disagreement; it is an alleged failure of the MPO’s core function, creating a clear pathway to a Public Officials Liability claim.

The Unified Planning Work Program (UPWP): The Operational Budget

The Unified Planning Work Program (UPWP) is the MPO’s operational budget.

It is a detailed statement, typically updated every one or two years, that identifies all the transportation planning activities to be performed by the MPO and its member agencies using federal planning funds.⁷

The UPWP specifies who will perform the work (MPO staff, a member agency, or a consultant), the schedule, the resulting products, and the proposed funding sources.²¹

In the API contract model, the UPWP is the “API call” that funds the existence and operation of the MPO “interface” itself.

It is developed in cooperation with the state and public transit operators and must document how federal funds from the FHWA and FTA, typically matched by state and local funds at a 20% rate, will be used to carry out the “3-C” planning process.¹

For MPOs in smaller urbanized areas, a simplified statement of work may be permitted in lieu of a full UPWP.²¹

The Public Participation Plan (PPP): The “Terms of Service” for the Public

The Public Participation Plan (PPP) is a federally required document that details the procedures and strategies the MPO will use to ensure the public has reasonable opportunities to be involved in the transportation planning process.⁷

It is, in essence, the public’s “Terms of Service” for interacting with the MPO.

The PPP must describe how the MPO will provide timely information, allow for public comment at key decision points, and actively seek out and consider the needs of all community members, including traditionally underserved populations, in compliance with Title VI of the Civil Rights Act and other nondiscrimination statutes.⁷

A robust and transparent public involvement process is not optional; it is a core function of the MPO.¹

Failure to adhere to the procedures outlined in the PPP can be grounds for a legal challenge that could invalidate the LRTP or TIP, halting projects and putting federal funds at risk.

Section 3: “Security Vulnerabilities”: A Threat Model for MPO Liabilities

Just as any software API can have security vulnerabilities, the MPO “contract” has inherent weaknesses that expose it to failure and liability.

By applying a threat modeling approach borrowed from cybersecurity, we can systematically identify and categorize the MPO’s most significant risks.

These are not abstract possibilities; they are concrete failure modes rooted in the MPO’s structure and federally mandated functions.

3.1 Faulty Code: Errors and Omissions in Planning and Forecasting

The most direct threat to the MPO contract comes from flaws in its technical work—its “source code.” This is the professional liability of the MPO staff and its consultants, arising from errors and omissions in the complex analyses that underpin every plan and program.

The evidence of this vulnerability is widespread.

Many MPOs, particularly the more than 250 that serve smaller urban areas with populations between 50,000 and 200,000, are chronically understaffed and under-resourced.²²

The median MPO has only six staff members, making it difficult to maintain the sophisticated technical expertise needed to conduct complex travel demand modeling, air quality conformity analysis, and long-range financial forecasting.²²

A 2009 Government Accountability Office (GAO) report found that some MPOs simply lack the technical capacity and data necessary to meet their planning needs.¹³

This challenge is most acute in the development of the fiscally constrained LRTP.

Accurately forecasting revenues over a 20-year horizon is exceptionally difficult, yet it is a federal requirement.¹⁸

An error in a travel demand model that overestimates future traffic, or a fiscal analysis that relies on overly optimistic assumptions about gas tax revenue, can lead to the approval of a project that is financially unsustainable.

When that project fails, as my own experience attests, the MPO can be held liable for the consequences.

This can trigger a massive Errors & Omissions (E&O) lawsuit from member governments who invested in the failed project, from private partners who suffered financial losses, or from the state DOT seeking to recover squandered funds.

3.2 Broken Authorization: Inter-jurisdictional Disputes and Governance Failures

This vulnerability class relates to the MPO’s governance structure—its “authorization” protocols.

The risk arises from the inherent political tension of regional cooperation, where the MPO board must make decisions that create winners and losers among its own member jurisdictions.

MPO boards are, by design, composed of local elected officials and agency representatives who are duty-bound to represent their own constituents’ interests.⁶

This creates a permanent, structural conflict of interest.

This tension is often exacerbated by voting structures that do not represent residents equally.

Research on the 20 largest MPOs has shown that board representation and voting power are often not proportional to the population of the jurisdictions, leading to systemic underrepresentation of central cities and their residents.¹⁰

Only about 13% of MPOs use a weighted voting system to address this, but even these can be politically contentious.²²

Federal law further complicates this by mandating coordination between MPOs that share an urbanized area or an air quality nonattainment zone.²⁴

While the intent is to foster regional solutions, these requirements can become sources of friction.

When MPOs fail to agree on consistent data, planning assumptions, or project priorities, it can lead to unaddressed cross-boundary problems like traffic congestion that spills from one region to another or disjointed economic development strategies.²⁶

The liability here is immense.

A decision by the MPO board—for example, approving a TIP that funds a highway expansion in a wealthy suburb while deferring a transit project in a low-income urban neighborhood—can be challenged in court on multiple fronts.

It could be framed as a “wrongful act” under a Public Officials Liability policy, a violation of the MPO’s own interlocal agreement, or, most seriously, a violation of federal civil rights law.

Title VI of the Civil Rights Act prohibits discrimination on the basis of race, color, or national origin in programs receiving federal financial assistance, and MPOs must actively plan for transportation equity.¹⁶

A planning decision that has a disparate, negative impact on a protected population can trigger federal investigation and lawsuits that threaten the entire region’s funding.

3.3 Insecure Third-Party Dependencies: The Unique Risks of Public-Private Partnerships (P3s)

MPOs do not build projects, but they are increasingly involved in planning for large-scale infrastructure that is delivered through Public-Private Partnerships (P3s).

By including P3 projects in their long-range plans, MPOs create a dependency on a third-party delivery model that introduces a host of unique and complex risks.

While P3s are often promoted as a way to leverage private sector efficiency and innovation, they are structurally more expensive than traditional public financing due to higher private borrowing costs and transaction fees.²⁸

The core premise of a successful P3 is the efficient transfer of risk from the public to the private sector.²⁹

However, this transfer is often incomplete or illusory.

P3 contracts are notoriously complex, and governments often lack the expertise to negotiate terms that truly protect the public interest, leading to situations where significant risks are shifted back to the taxpayer.²⁹

The MPO’s role is critical here.

The traffic and revenue studies included in an MPO’s LRTP often form the financial foundation upon which a state or local government decides to enter into a P3 agreement, particularly for toll-based projects.³²

If the MPO’s forecasts prove to be inaccurate—a “faulty code” vulnerability—the consequences are magnified.

If a P3 toll road fails to generate the projected revenue, the private partner may face bankruptcy, and the government may be contractually obligated to provide bailouts, minimum revenue guarantees, or other forms of financial support, creating massive, unplanned fiscal risks.³²

In such a scenario, the MPO that produced the original flawed forecast could easily be named in a lawsuit by the government entity seeking to recoup its losses, or even by the private partner alleging that it was induced to enter the agreement based on negligent information.

3.4 New Attack Vectors: Emerging Mobility, Autonomous Vehicles, and Cyber Risk

The final vulnerability class involves new and evolving threats that the MPO “contract,” originally designed in the 1960s, was not built to handle.

The transportation landscape is being rapidly transformed by new technologies, creating novel liabilities for planners.

MPOs are now expected to plan for a future that includes “emerging mobility” services like micromobility (e-scooters), ridesharing, and, most significantly, connected and autonomous vehicles (AVs).³⁴

The legal and liability framework for AVs is a volatile and uncertain patchwork that varies dramatically from state to state, with no overriding federal legislation.³⁶

This creates a minefield of risk for MPOs.

Imagine an accident involving an AV on a corridor that the MPO’s plan specifically designated for AV testing.

If the crash is attributed not to the vehicle’s manufacturer but to inadequate infrastructure design or flawed operational planning, the MPO could be drawn into a complex product liability lawsuit.³⁸

Simultaneously, the increasing reliance on data, modeling, and public-facing web portals makes MPOs prime targets for cyberattacks.

A ransomware attack could paralyze an MPO’s operations, preventing it from meeting federal deadlines for its TIP or UPWP and putting funding at risk.⁴⁰

A data breach that exposes sensitive public comments or proprietary planning data could trigger significant privacy liability claims.⁴¹

These new vectors demonstrate that MPO risk is not static.

The most dangerous liability is not a single, isolated event but a cascading failure where these vulnerabilities compound each other.

A technical error in a forecast (“Faulty Code”) for a P3 project (“Third-Party Dependency”) can lead to a financial collapse that triggers a bitter lawsuit between member jurisdictions (“Broken Authorization”).

This is the nightmare scenario for which most MPOs are dangerously unprepared and, as the next section will show, dangerously underinsured.

---

Table 1: MPO Threat Model & Liability Matrix

To translate these abstract risks into a concrete management tool, the following matrix connects the “API Threat” model to specific MPO activities, potential legal claims, and the primary insurance policies that should respond.

This serves as a “Rosetta Stone” for MPO leaders and risk managers, bridging the gap between their planning work and the language of insurance.

Vulnerability Class (API Threat Analogy)	Specific MPO Activity/Risk	Potential Claim/Lawsuit	Primary Insurance Policy Triggered
Faulty Code	LRTP Fiscal Constraint Analysis; Travel Demand Modeling; Air Quality Conformity Analysis	Professional Negligence (E&O) claim from member city for financial loss on a failed project; Lawsuit from State DOT to recover lost federal funds due to non-conformity.	Professional Liability (Errors & Omissions)
Broken Authorization	TIP Project Selection Process; MPO Board Voting on Controversial Projects; Failure to follow Public Participation Plan (PPP)	Civil Rights (Title VI) lawsuit over inequitable project distribution; Lawsuit from member jurisdiction alleging breach of interlocal agreement; Claim of “Wrongful Act” against board members.	Public Officials Liability (POL/PEML)
Insecure Third-Party Dependencies	Planning for P3 projects; Providing traffic and revenue studies used in P3 concession agreements.	Breach of Contract claim from P3 partner alleging reliance on faulty data; Negligence claim from sponsoring government entity for financial losses on a failed P3.	Professional Liability (E&O); Contractual Liability
New Attack Vectors	Designation of AV testing corridors; Collection of public data via online portals; Reliance on digital modeling software.	Product Liability claim from AV manufacturer after a crash; Privacy Liability claim after a data breach; Business interruption costs from a ransomware attack.	General Liability; Cyber Liability

---

Section 4: The “Service Level Agreement” (SLA): Architecting an Insurance Program for the MPO Contract

In the world of APIs, a Service Level Agreement (SLA) is a contract that defines the level of service a consumer can expect from a provider, including metrics for uptime, performance, and responsibilities.

If the service fails, the SLA dictates the remedies, which often include financial penalties.⁵

For an MPO, its insurance program is its SLA.

It is the financial backstop that is supposed to respond when the “API Contract” fails and results in liability.

However, a close examination reveals that the standard insurance products available to public entities are often fundamentally misaligned with the MPO’s unique risk profile, leaving critical vulnerabilities unprotected.

4.1 The Standard Toolkit: Core Public Entity Coverages

Insurance carriers like Chubb, Travelers, and Liberty Mutual offer packaged policies for “public entities,” a broad category that includes cities, counties, special districts, and schools.⁴³

MPOs are typically insured under this umbrella, which provides a standard set of core coverages.

• Public Officials Liability (POL) / Public Entity Management Liability (PEML): This is the foundational coverage for an MPO’s governing body. It is designed to protect board members, officials, and employees from claims alleging a “wrongful act” in the performance of their duties.⁴⁶ This policy is the first line of defense against claims arising from governance failures and inter-jurisdictional disputes, such as a lawsuit from a member city over a contentious project selection in the TIP. Notably, some policies explicitly provide coverage for violations of civil rights, which is a critical protection given the MPO’s equity responsibilities.⁴⁶
• General Liability (GL): This policy covers claims of bodily injury and property damage. For an MPO, which primarily engages in planning rather than physical operations, its GL exposure is relatively limited. The main risks would be premises liability (e.g., a member of the public slipping and falling at an MPO-hosted meeting) or liability arising from MPO-sponsored events.⁴³
• Employment Practices Liability (EPLI): As employers, MPOs face the same risks as any other organization regarding their staff. EPLI provides crucial protection against claims from current, former, or prospective employees for issues like wrongful termination, discrimination, harassment, or retaliation.⁴⁰ While essential for managing internal risk, EPLI is separate from the MPO’s core public-facing planning liabilities.

4.2 Patching the Vulnerabilities: Essential Endorsements and Specialized Policies

The standard toolkit provides a necessary but insufficient foundation.

The most severe risks identified in the MPO threat model fall into the gaps between these core coverages.

A resilient insurance program must patch these vulnerabilities with specialized policies and endorsements.

• Professional Liability (Errors & Omissions): THE CRITICAL GAP. This is, without question, the most significant and commonly overlooked coverage for an MPO. Professional Liability, or E&O, is specifically designed to cover financial loss suffered by a third party due to negligence in the rendering of professional services.⁴¹ The MPO’s core functions—planning, modeling, data analysis, and forecasting—are professional services. A standard POL/PEML policy may contain an exclusion for professional services, creating the potential for a catastrophic, uninsured loss if the MPO is sued over a flawed LRTP or a faulty traffic study. An MPO without dedicated E&O coverage is effectively uninsured for its primary operational risk.
• Cyber Liability: In the modern era, this is no longer an optional coverage. A standalone cyber policy is essential to cover the costs associated with data breaches, ransomware attacks, business interruption, and network security failures.⁴⁰ Given the MPO’s role as a repository of regional data and its reliance on digital tools, the financial and reputational cost of a cyber incident can be immense.
• Contractual Liability: This coverage, which addresses liability that an insured assumes under a contract, is often included within a GL policy, but it requires careful scrutiny. The MPO’s entire existence is predicated on an interlocal agreement with its members, and it may enter into other contracts related to data sharing or P3 planning. The MPO’s leadership must understand precisely how their policy responds to a claim alleging a breach of one of these foundational contracts.

The fundamental misalignment is this: the insurance industry’s standard “public entity” product is built for organizations that do things—run police forces, maintain parks, operate water utilities.⁴³

Their primary risks are operational.

MPOs, however, are entities that

plan things.

Their greatest liability arises not from a police car crash, but from a decimal point error in a 20-year financial forecast that causes a billion-dollar project to fail.

This risk—professional negligence in planning—falls squarely in the ambiguous territory between a Public Officials policy (which covers “wrongful acts” but may exclude professional services) and a traditional Architect & Engineer’s E&O policy (for which an MPO, as a quasi-governmental body, may not neatly fit the underwriting profile).

MPOs exist in an insurance no-man’s-land and require a carefully crafted, hybrid solution—a “Planner’s E&O” policy or a POL policy with a robust, unambiguous endorsement affirming coverage for all planning activities.

4.3 Critical Exclusions: Where the “API Contract” is Left Unprotected

The danger in an insurance policy often lies not in what it covers, but in what it excludes.

For an MPO, several standard exclusions commonly found in public entity policies represent existential threats.

• Professional Services Exclusion: As noted above, this is the silent killer. If a POL or GL policy contains this exclusion, an insurer could argue that the MPO’s core work of planning is a “professional service” and deny any claim arising from it, leaving the MPO bare.
• “Faulty Workmanship” Exclusion: Common in GL policies, this exclusion is intended to prevent a contractor from using its liability policy to pay for re-doing its own shoddy work.⁴⁸ In the context of an MPO, an aggressive claims adjuster could argue that a flawed LRTP constitutes the MPO’s “faulty work” and deny a claim for the costs to defend a lawsuit over it, or the costs to re-do the plan.
• Breach of Contract Exclusion: Many liability policies exclude coverage for liability that arises purely from a breach of contract, requiring some accompanying “wrongful act” or negligence to trigger coverage. This could become highly problematic in a dispute between MPO members that is framed as a simple breach of the interlocal agreement that created the MPO.
• Insured vs. Insured Exclusion: This is a critical and often misunderstood exclusion. It is designed to prevent collusion, barring coverage for lawsuits filed by one insured party against another under the same policy. The definition of “Insured” in a public entity policy can be very broad, sometimes including the entity itself, its officials, and its member jurisdictions. If a member city is considered an “insured” under the MPO’s policy, this exclusion could be used to deny coverage for a lawsuit brought by that city against the MPO’s board, eviscerating one of the policy’s primary purposes.

Section 5: A Framework for a Resilient MPO: Integrating Risk Management and Insurance

Securing the right insurance policy is a critical defensive measure, but a truly resilient MPO must move beyond simply buying insurance and embrace a proactive culture of risk management.

The “API Contract” paradigm is not just an analytical tool; it is an operational framework for building this resilience.

It allows MPO leadership to shift their thinking from passive compliance to active assurance, rigorously testing their own systems to prevent failures before they occur.

Moving Beyond Insurance to Assurance

An MPO that views its core documents as contracts rather than just plans will behave differently.

It will recognize that ambiguity in its terms, weaknesses in its data, and unstated assumptions are not just planning oversights—they are potential breaches waiting to happen.

The goal is to build an organization where the “API Contract” is so robust, clear, and well-tested that the “SLA” of an insurance policy is a backstop that is rarely needed.

This requires a disciplined, ongoing process of self-assessment and strategic action.

Actionable Recommendations

To translate this framework into practice, MPO leaders, in partnership with their legal counsel and risk advisors, should undertake the following actions:

1. Conduct an “API Contract” Audit: The MPO’s leadership and staff should conduct a comprehensive review of their foundational documents—the LRTP, TIP, UPWP, PPP, and the interlocal agreement—through the lens of a contract lawyer. Where are the terms ambiguous? Are performance metrics for goals like “equity” or “sustainability” clearly defined and measurable?⁴⁹ Are the protocols for amending the plan clear? This audit identifies and eliminates sources of potential misunderstanding and dispute before they can fester.
2. Stress-Test the “Endpoints”: The MPO should use rigorous scenario planning to test the resilience of its plans. This goes beyond simply projecting a baseline future. What happens to the LRTP’s fiscal constraint if gas tax revenues decline by 20% over the next decade due to vehicle electrification? What is the financial impact on the region if a major P3 partner defaults on a project included in the TIP? How would the transportation network perform during a mass evacuation event? Stress-testing the “endpoints” in this way proactively identifies weaknesses in the MPO’s “code” and allows for contingency planning.²⁶
3. Demand a “Planner’s E&O” Policy: MPOs must become educated consumers of insurance. They must work with their brokers to go beyond generic public entity packages and articulate their unique risk profile to underwriters. The goal is to secure coverage that explicitly affirms protection for their core professional services: planning, modeling, forecasting, and data analysis. This may take the form of a standalone E&O policy or a specific, manuscripted endorsement on their POL policy that deletes the professional services exclusion for these defined activities.
4. Clarify the “Insured vs. Insured” Clause: This is a non-negotiable point of clarification. The MPO must obtain a definitive, written answer from its insurer regarding whether lawsuits brought by its own member jurisdictions are covered. If the standard exclusion would bar such coverage, the MPO must negotiate an amendment or endorsement to carve out an exception for non-collusive claims from member governments. An MPO without this protection has a gaping hole in its liability shield.
5. Formalize Inter-MPO “API Contracts”: For the many MPOs operating in complex, multi-MPO regions, informal cooperation is insufficient.²⁴ They should establish formal Memorandums of Agreement (MOAs) with their neighboring MPOs. These agreements should function as “API-to-API” contracts, defining clear protocols for data sharing, establishing consistent planning assumptions, and creating a formal dispute resolution process.²⁵ This formalizes the relationship and provides a mechanism to resolve conflicts before they escalate into costly litigation, streamlining coordination for the state DOT in the process.²⁴

---

Table 2: MPO Insurance Portfolio Review Checklist

This checklist provides a practical tool for MPO Executive Directors and Risk Managers to conduct a high-level review of their insurance program with their broker or agent.

It translates the complex risks identified in this report into a series of direct questions designed to uncover critical coverage gaps.

Coverage Area	Key Question	Yes/No	Notes / Follow-Up Action
Public Officials Liability (POL/PEML)	Does our policy contain a Professional Services Exclusion?		If Yes, see Professional Liability section.
	Does our policy definition of “Wrongful Act” explicitly include decisions related to planning, zoning, and forecasting?		Request clarification from underwriter.
	Does the Insured vs. Insured exclusion apply to lawsuits brought by our member jurisdictions?		If Yes or Unclear, demand a clarifying endorsement. This is a critical vulnerability.
Professional Liability (E&O)	Do we have a standalone E&O policy or a specific “write-back” endorsement on our POL policy that covers financial loss from our planning activities?		If No, this is the MPO’s single greatest insurance gap. Prioritize securing this coverage.
	Does the E&O coverage specifically name activities like LRTP/TIP development, fiscal constraint analysis, and travel demand modeling as covered professional services?		Review the policy’s definition of “Professional Services.”
Contractual Liability	Does our policy provide coverage for liability we assume under our interlocal agreement with member governments?		Review the contractual liability exclusion and any exceptions.
Cyber Liability	Do we have a standalone Cyber Liability policy (not just a limited extension on another policy)?		If No, obtain quotes for a standalone policy.
	Have we quantified our potential financial loss from a 48-hour ransomware attack (including business interruption and data restoration), and is our limit adequate?		Conduct a business impact analysis to determine appropriate limits.
General Liability (GL)	Does our policy contain a “Faulty Workmanship” or similar exclusion that could be interpreted to apply to our planning documents?		Seek clarification on how this exclusion would apply to non-physical “work” like a plan.

---

Conclusion

The story of the failed light rail project that began my career was not a story about bad luck or simple incompetence.

It was the story of a broken contract.

It was the predictable result of a system that failed to appreciate its own complexity, a system whose technical “code” was flawed, whose “authorization” protocols were strained, and whose “Service Level Agreement” was nonexistent.

Viewed through the paradigm of the API Contract, that disaster was not inevitable.

It was preventable.

Had the MPO’s leaders rigorously audited their contractual terms, stress-tested their financial forecasts, and secured an insurance program that truly matched their unique risk profile, the billion-dollar detour could have been avoided.

The promise to the community could have been kept.

This framework is ultimately a message of empowerment.

By understanding their true function as the architects and guardians of a complex, living contract, MPOs can transform themselves.

They can move from being fragile bureaucracies, vulnerable to technical errors and political whims, to become resilient, reliable, and trustworthy engines of regional progress.

The work is not easy, but the mandate is clear: build a contract worthy of the public’s trust, and then, and only then, can you truly build the future.

Works cited

1. FAQs • What is a Metropolitan Planning Organization (MPO)? – HRTPO, accessed August 13, 2025, https://hrtpo.org/FAQ.aspx?QID=82
2. Metropolitan Transportation Planning: Executive Seminar, accessed August 13, 2025, https://www.planning.dot.gov/Documents/MetroPlanning/metroTrans.htm
3. www.adobe.com, accessed August 13, 2025, https://www.adobe.com/acrobat/business/hub/what-s-included-in-an-api-contract.html#:~:text=An%20API%20contract%20is%20needed,different%20systems%20can%20work%20together.
4. What is an API? – Application Programming Interfaces Explained – AWS, accessed August 13, 2025, https://aws.amazon.com/what-is/api/
5. What is an API contract? – Criteria, accessed August 13, 2025, https://criteria.sh/blog/what-is-an-api-contract
6. Metropolitan planning organization – Wikipedia, accessed August 13, 2025, https://en.wikipedia.org/wiki/Metropolitan_planning_organization
7. About – Metropolitan Planning Organizations – MnDOT, accessed August 13, 2025, https://www.dot.state.mn.us/planning/mpo/about.html
8. What Everyone Should Know About the MPO – Jonesboro.org, accessed August 13, 2025, https://www.jonesboro.org/DocumentCenter/View/6817/What-Everyone-Should-Know-About-the-MPO-
9. MPO Functions | vampo – Virginia Association of Metropolitan Planning Organizations, accessed August 13, 2025, https://www.vampo.org/mpo-functions
10. Metropolitan Planning Organizations Make Decisions About Transportation Options Nationwide, but They Rarely Represent All Their Constituents. | Urban Institute, accessed August 13, 2025, https://www.urban.org/urban-wire/metropolitan-planning-organizations-make-decisions-about-transportation-options
11. The API Contract: Bridging the Gap Between Backend and Frontend Development. | by Harut Abgaryan | Medium, accessed August 13, 2025, https://medium.com/@harutyunabgaryann/the-api-contract-bridging-the-gap-between-backend-and-frontend-development-3074effc642b
12. API Contracts – System Design – GeeksforGeeks, accessed August 13, 2025, https://www.geeksforgeeks.org/system-design/api-contracts-system-design/
13. Metropolitan Planning Organizations: Options Exist to Enhance Transportation Planning Capacity and Federal Oversight – GAO, accessed August 13, 2025, https://www.gao.gov/products/gao-09-868
14. API Security through Contract-Driven Programming – Software Engineering Institute, accessed August 13, 2025, https://www.sei.cmu.edu/blog/api-security-through-contract-driven-programming/
15. FAQs • What does a Metropolitan Planning Organization (MPO) – Jonesboro.org, accessed August 13, 2025, https://www.jonesboro.org/Faq.aspx?QID=253
16. Long-Range Transportation Plan of the Boston Region Metropolitan Planning Organization, accessed August 13, 2025, https://www.ctps.org/data/html/plans/LRTP/destination/Destination-2040-LRTP-20191030.html
17. FAQs • What is a long-range transportation plan? – Southside Network Authority, accessed August 13, 2025, https://www.southsidenetworkauthority.com/FAQ.aspx?QID=84
18. Small MPO Funding, accessed August 13, 2025, https://mdl.mndot.gov/_flysystem/fedora/2023-01/trs1103.pdf
19. MPO Role & Responsibilities – Southeastern Wisconsin Regional Planning Commission, accessed August 13, 2025, https://www.sewrpc.org/About-Us/MPO-Role-and-Responsibilities
20. Transportation Planning Roles & Responsibilities – Metropolitan Council, accessed August 13, 2025, https://metrocouncil.org/Transportation/Planning-2/Transportation-Planning-Process/Roles-Responsibilities.aspx
21. 23 CFR Part 450 Subpart C — Metropolitan Transportation Planning and Programming – eCFR, accessed August 13, 2025, https://www.ecfr.gov/current/title-23/chapter-I/subchapter-E/part-450/subpart-C
22. MPO Staffing and Organizational Structures – Transportation Planning Capacity Building, accessed August 13, 2025, https://www.planning.dot.gov/documents/MPOStaffing_and_Org_Structures.pdf
23. Metropolitan Planning Organizations and Health 101: The Nuts and Bolts of Regional Transportation Agencies – | Safe Routes Partnership, accessed August 13, 2025, https://www.saferoutespartnership.org/sites/default/files/resource_files/100219-srs-kp-101-report-final.pdf
24. Multi-MPO Planning: A Transportation Practitioner’s Guide – Federal Highway Administration, accessed August 13, 2025, https://www.fhwa.dot.gov/planning/megaregions/reports/practitioners_guide/
25. MPO-Coordination-Final-Rule-1.pdf – AMPO | Association of Metropolitan Planning Organizations, accessed August 13, 2025, https://www.ampo.org/wp-content/uploads/2016/11/MPO-Coordination-Final-Rule-1.pdf
26. Multi-MPO Planning: Prospects and Practices – American Planning Association, accessed August 13, 2025, https://www.planning.org/pas/memo/2020/may/
27. The Role of Interregional Issues in Multi-MPO Collaboration – Reports – Megaregions – Planning – FHWA – Department of Transportation, accessed August 13, 2025, https://www.fhwa.dot.gov/planning/megaregions/reports/mpo_wp1.cfm
28. Public–private partnership – Wikipedia, accessed August 13, 2025, https://en.wikipedia.org/wiki/Public%E2%80%93private_partnership
29. A smarter way to think about public–private partnerships | McKinsey, accessed August 13, 2025, https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/a-smarter-way-to-think-about-public-private-partnerships
30. Government Objectives: Benefits and Risks of PPPs Public Private Partnership, accessed August 13, 2025, https://ppp.worldbank.org/overview/ppp-objectives
31. Risks in Public-Private Partnerships: Shifting, Sharing or Shirking? – ResearchGate, accessed August 13, 2025, https://www.researchgate.net/publication/261582790_Risks_in_Public-Private_Partnerships_Shifting_Sharing_or_Shirking
32. Exploring Risk Factors Affecting Sustainable Outcomes of Global Public–Private Partnership (PPP) Projects: A Stakeholder Perspective – MDPI, accessed August 13, 2025, https://www.mdpi.com/2075-5309/13/9/2140
33. Mastering the Risky Business of Public-Private Partnerships in Infrastructure, accessed August 13, 2025, https://www.imf.org/en/Publications/Departmental-Papers-Policy-Papers/Issues/2021/05/10/Mastering-the-Risky-Business-of-Public-Private-Partnerships-in-Infrastructure-50335
34. Emphasis Areas: Emerging Mobility – Martin MPO, accessed August 13, 2025, https://martinmpo.com/emphasis-areas/emerging-mobility/
35. Center for Excellence on New Mobility and Automated Vehicles Project | US Department of Transportation, accessed August 13, 2025, https://www.transportation.gov/grants/dot-navigator/center-excellence-new-mobility-and-automated-vehicles-project
36. Navigating Liability in the Age of Autonomous Vehicles, accessed August 13, 2025, https://www.wshblaw.com/publication-navigating-liability-in-the-age-of-autonomous-vehicles
37. Autonomous Vehicles | Self-Driving Vehicles Enacted Legislation – National Conference of State Legislatures, accessed August 13, 2025, https://www.ncsl.org/transportation/autonomous-vehicles
38. Products Liability and Driverless Cars: Issues and Guiding Principles for Legislation, accessed August 13, 2025, https://www.brookings.edu/articles/products-liability-and-driverless-cars-issues-and-guiding-principles-for-legislation/
39. “Brave New World: Liability in Autonomous Vehicle Age,” Industry Today – Swift Currie, accessed August 13, 2025, https://www.swiftcurrie.com/newsroom-publications-Brave-New-World-Liability-in-Autonomous-Vehicle-Age-industry-today
40. 5 Common Gaps in Commercial Insurance That Could Cost Your Business, accessed August 13, 2025, https://blog.myarnoldteam.com/straight-talk/5-common-gaps-in-commercial-insurance-that-could-cost-your-business
41. Common business insurance gaps | Chubb, accessed August 13, 2025, https://www.chubb.com/us-en/businesses/resources/common-business-insurance-gaps.html
42. Insurance for Municipalities | Travelers Insurance, accessed August 13, 2025, https://www.travelers.com/business-insurance/public-entities/municipalities
43. Public Entity Insurance | Chubb, accessed August 13, 2025, https://www.chubb.com/us-en/business-insurance/industries/public-entity-insurance.html
44. Public entities – Liberty Mutual Business Insurance, accessed August 13, 2025, https://business.libertymutual.com/industries/public-entities/
45. Insurance for Public Entities – Great American Insurance Group, accessed August 13, 2025, https://www.greatamericaninsurancegroup.com/business-insurance/industries/public-entity-insurance
46. Public Entity Management Liability Insurance | Travelers Insurance, accessed August 13, 2025, https://www.travelers.com/business-insurance/professional-liability-insurance/public-entity
47. Municipalities & Public Entities Insurance – NFP, accessed August 13, 2025, https://www.nfp.com/industries/municipalities-and-public-entities/
48. CGL Exclusions Common to Construction-Related Claims – Amwins, accessed August 13, 2025, https://www.amwins.com/resources-insights/article/cgl-exclusions-common-to-construction-related-claims-4-17
49. Performance-Based Planning and Programming from the MPO Perspective A White Paper, accessed August 13, 2025, https://ampo.org/wp-content/uploads/2022/11/PBPP_WhitePaper.pdf
50. Plan for the Settlement of Jurisdictional Disputes in the Construction Industry Including Procedural Rules and Regulations – North America’s Building Trades Unions, accessed August 13, 2025, https://nabtu.org/wp-content/uploads/2017/03/Plan-for-the-Settlement-of-Jurisdictional-Disputes-Effective-May-1-2011.pdf