Increasing regulation, the GDPR and Brexit are all putting directors at higher risk of investigation than ever before. Sam Barrett explains why cover is essential.
Few directors would dispute that it's tough at the top, especially as the regulatory focus increasingly shifts to the individual rather than the company. Against this backdrop, having the right cover is essential.
The findings of Directors liability: Entering unchartered territory, the annual survey conducted by Willis Towers Watson and Allen & Overy, highlight the issues senior executives are facing. It found that a third of respondents had experience of a claim or investigation involving a director of their company, up from 27% a year before. "Other trends have come into the top five such as extradition and the Bribery Act but the risk of regulatory investigations has remained the top concern for directors since the report began in 2011," explains Joanna Page, a partner at Allen & Overy. "There's much more focus on directors' personal accountability now."
The financial services sector is a good example of this. The Senior Managers and Certification Regime (SMCR) came into force in March 2016, putting the spotlight on the senior executives within banks, building societies and investment firms.
While there are still only a handful of investigations underway, it has helped to set the tone across the sector. For example, the number of investigations the Financial Conduct Authority (FCA) has opened against individuals has increased from 62 in 2015 to 152 in 2016.
Francis Kean, executive director at Willis Towers Watson, says there has been a marked shift in the regulator's stance. "It's much more likely to place an individual under investigation, without there necessarily being the evidence that would lead to enforcement," he explains. "It wants to get directors to take the regime more seriously."
The number of investigations could be on the up too. While the SMCR only applies to about 900 firms, its remit is being extended to all 47,000 FCA authorised firms at some point in 2018/2019.
New risks are emerging too, with both cyber and data protection issues on directors' agendas. "It's no longer an IT issue, it's a board issue," says Lawson Caisley, partner at Allen & Overy. "The board is squarely in the crosshairs of the regulators and shareholders if it can't demonstrate it's taken responsibility for cybersecurity."
While TalkTalk's £400,000 fine from the Information Commissioner's Office in 2016 will have sharpened many directors' minds, the introduction of the General Data Protection Regulation (GDPR) next May will increase awareness still further. Under this, the cap on fines increases from £500,000 to 4% of global turnover.
However, George Melides, head of management liability at Zurich Insurance, says this might not be the case. "A recent report from Forresters suggested that 80% of
firms won't comply with GDPR when it's introduced, with half of these intentionally taking this position having weighed up the cost and risk of compliance," he explains. "Directors could leave themselves open to lawsuits."
What is particularly concerning, according to Mr Kean, is the fact that the UK government is looking to take directors' responsibilities around data breaches even further than the EU regulations. Section 177 of the Data Protection Bill 2017 refers to the responsibilities of directors and states that the individual will be liable alongside the corporate body where the offence has been committed with their "consent, connivance or neglect".
Political issues also feature among directors' concerns, with 38% of respondents pointing to Brexit as one of the most significant risks to their business.
Although there is still plenty of uncertainty around the shape of the business environment when the UK does leave, Andrew Coleman, an underwriter at QBE, says there is the potential for legal action. "Shareholders could turn to directors and say they haven't taken appropriate action for the new regime," he explains. "They must be able to show they've looked at the implications for the business."
Given the increased liability they face from all these risks, directors need the certainty that their insurance provides adequate protection. "Directors must ask the questions themselves," says Mr Kean. "The board often assumes the directors and officers (D&O) insurance is the company's responsibility, but they shouldn't just assume it'll be alright. The interests of the company and the individuals may not always be aligned, especially after a director's left."
Among the areas he highlights for directors' attention are how the D&O limit is shared; what protection a director would have after leaving the company; and, with the appetite for investigations on the up, what the trigger would be for cover for such an investigation.
Arranging cover may be about to get a little bit tougher too. While the market has been soft for many years, Mr Coleman says this is coming to an end. "We've had 10 years of premium decreases but the curve has flattened out over the last six to nine months," he explains. "It could be about to change.
TOP FIVE RISKS FOR DRIECTORS
- Regulatory and other investigations and inquiries
- Risk of data loss
- Criminal and regulatory fines and penalties
- Concerns in a post-Brexit landscape
Source: Directors liability: Entering unchartered territory, Willis Towers Watson, Allen & Overy