In a world of increasing internet and social media use, the public, shareholders and even company employees can monitor bosses’ actions and call for accountability. Liz Booth reports…
This year has seen some rough seas — at least from a directors’ and officers’ (D&O) liability perspective,” states Willis Towers Watson in its latest review of the sector.
The reasons behind this are myriad but one thing is clear: directors and officers are on the public stage, no matter what their sector or where they are based, courtesy of ever greater transparency via the web.
No longer can senior directors hide behind their corporate towers. Remember the bleak days immediately after the collapse of the banking system back in 2008? Tour operators were running tours of the glitzy homes of senior banking directors, for those who had suffered as a direct result of the crisis.
Although less blatant, the sentiment is unchanged. Directors and officers need to behave better than ever before and to remember that they will be held to account for bad decisions and any wrongdoing.
So no wonder then, that Willis Towers Watson reports: “Securities class action filing activity grew to more than one third higher than the 10-year securities class actions filing average. When considered along with several huge settlements announced this year, the heightened activity could mean rising D&O claim tides.”
It does also see some good trends: “[This year] offers a few rays of sunshine. Last year’s first-half drop in derivative filings from 131 to 87 (34%) has been followed in 2016 by a drop of 31% – from 87 to 60 derivative shareholder actions. Also, merger objection claims are down 17% to 87.”
However, looking at a longer period, Marsh says the overall direction is upwards in terms of claims. It states: “Between 2005 and 2007, we recorded between 200 and 300 D&O claim notifications annually. With the onset of the financial crisis, we saw a sharp increase of around 75% from 2007 to 2008. Claims volumes continued to rise in the following years and have not returned to pre-crisis levels.”
It adds: “On average, we currently record around 1,300 D&O claim notifications each year from our clients. It must be borne in mind that over this time period there has also been a larger uptake of D&O policies, which may explain part of the increase seen. Nonetheless, regardless of the number of policies, the claims volume remains some four times higher than pre-financial crisis levels.”
And Willis Towers Watson is not overoptimistic for the future either. It states: “With the tough economic environment – made a bit tougher by the UK’s decision to leave the EU – continued heightened volatility is likely. Prepare for a continuing trend of heightened securities class action filing activity. The data from the first half of 2016 suggests we can expect securities class actions to remain the predominant driver of D&O claim severity.”
Securities class actions are far from the only driver of D&O claims. Marsh reports there has been a general, albeit slow, shift among EU member states towards class or collective actions.
Since the EU introduced conducive regulations, Marsh says some member states have gone further than others. It points to, for example, the UK’s Consumer Rights Act (2015), which now allows a representative body to bring a claim on behalf of a class of people.
“Although by no means a common feature in Europe, there is a definite move towards class actions and, as the legal systems mature, we expect to see more claims made on this basis, particularly by shareholders.
“Aside from the evolution of the legal systems, certain well publicised issues in the financial sector have increased the sentiment among those affected (and those that represent them) that class actions are the most appropriate method of seeking redress.”
Another potential driver of increasing claims is cyber security. In the wake of a major breach, shareholders are likely to ask tough questions of their senior management. However, research from Deloitte last year suggested cyber security issues are still not being given sufficient attention.
It found 49% of global boardroom directors were not discussing cyber security as part of their technology agenda. It also found 27% did not discuss the risk at all. Deloitte warns: “Failure to take preventative measures to protect against breaches in security poses a huge risk to organisations.”
Marsh agrees: “Global companies often have multiple regulatory regimes to take into account when determining their legal obligations. Management boards should develop cyber strategies which take these legal obligations into account.
“However, it is becoming clear that such strategies must be more than a box-ticking exercise – the management of cyber risk is now an intrinsic part of day-to-day life for many management boards.
“A director may breach their fiduciary duty to the company and its shareholders if they fail to implement any reporting or information system or controls; or having implemented such a system or controls, consciously fail to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention.”
Markel explains: “The need for cyber security doesn’t broaden the duties of directors defined in the Companies Act 2006. However, it is yet another way in which a breach of duty may manifest itself.”
The writing is on the wall (or at least the screen) for directors and officers.
cyber risks and D&O
To provide suitable protection from cyber risk, a D&O policy should ideally provide cover in the following areas:
Investigation costs: regulatory investigations arising out of a cyber incident and at full policy limits
Insured individuals: all persons who are involved in significant cyber-related decisions and implementation on behalf of the company
Investigation of cyber circumstances : costs incurred investigating any circumstance resulting from a cyber event where litigation is anticipated
Allocation: clear demarcation between the entity and the individual. The loss attributable to the directors should be allocated appropriately
Shareholder actions: shareholder actions against the company which arise as a result of a cyber-related incident
Reputational damage costs for directors: costs of mitigating any reputational injury resulting from a cyber incident
Things clients should be doing with D&O policies generally:
Review limits adequacy: Intense competition among insurers has brought premiums to historic lows.
Harness analytics: By considering alternate possible futures, clients may develop greater insights into risk and a broader view of potential losses than from a one-and-done static review or peer benchmarking.
Update loss cost data: Update loss cost driver information – with top firms charging as much as $2,000 an hour (a 25% spike over the prior year’s top rate), the cost of resolving claims and responding to investigations may be considerably higher this year.
Review policy wording: D&O insurance is not a uniform commodity. Subtle wording differences can have a profound impact on outcomes. In this competitive market, best-in-class policy wording may not cost more and some markets have become far more willing to discuss wording changes.
Consider material coverage enhancements: As carriers look to grow in the wake of successive years of premium decline, pockets of opportunity to get more coverage may develop. Although an increased premium may be associated with some enhancements, the risk transfer value proposition may far outweigh the modest incremental cost.
Recent hurricanes Harvey, Irma and Maria have been part of an unprecedented year for natural catastrophes, with earthquakes in Mexico only adding to the woe.
Liz Booth examines two recent incidents that have raised the stakes on cybersecurity.
Liz Booth examines the fallout from the recent WannaCry cyber attack and sees how the insurance industry would have coped had more firms been insured.