Directors and officers have their work cut out to keep up with the threats both they and their companies face. Yet against this backdrop of evolving risks, AIG's survey of risk managers conducted with Airmic Governance - The Value of Boardroom Engagement earlier this year revealed a sharp disconnect between rising liabilities and boardroom awareness. Only 18% of respondents believe that their leaders are aware of the personal liabilities they face and just 14% have read and understood their D&O insurance policy. So, where on the horizon should directors be looking in term of liabilities?
In terms of traditional D&O claims, AIG's data show that the largest volume of claims in the UK/Europe still comes from insolvencies, although this number has been decreasing as we get further away from the 2008 global financial crisis. However, given the spate of high-profile businesses going into administration in recent months, and the ongoing uncertainty around Brexit, there is the distinct possibility - in the UK at least - that more company leaders will be in the spotlight should their businesses come under increasing financial pressure and ultimately be unable to continue trading.
The cost of D&O claims continues to rise as legal fees increase sharply, with partner rates in some cases reaching $1500 an hour. In 2018, defence costs for bribery and corruption claims accounted for approximately one third of the most expensive claims paid by AIG in UK/Europe. We are also seeing the continued growth of collective shareholder actions in non-US courts, as well as a sustained increase in US shareholder class actions being brought against foreign firms. A case involving Japanese company Toshiba, which is not listed on a US stock exchange, is noteworthy. Following an accounting scandal in Japan, a number of the company's senior leaders were dismissed. A US securities class action was brought but was dismissed, given the lack of connection to the US. However, that decision was overturned on appeal, and sets an important precedent.
Company boards also have to keep track of an emerging type of claims, which is known as event-driven litigation. These can stem from a variety of sources. For example, there has been a spike in claims resulting from the #metoo movement, where allegations may include claims that directors and officers allowed a toxic culture to take hold and endure within their companies. Elsewhere, where the wildfires in California were blamed on downed power lines, this has resulted in D&O claims being brought against utility companies. Other areas where we may see event-driven litigation include energy companies for climate change related issues, pharmaceutical companies in the wake of the opioid crisis and claims arising from privacy issues.
Eye on cyber
It is cyber, however, that is probably the most high-profile category of financial lines claims - with significant movements both in frequency of claims and their causes. From the AIG/Airmic survey we can see that 68% of the risk professionals who responded stated that cyber security was the topic of most concern in the boardroom. AIG data showed a 58% increase in European cyber claims in 2018, and a dramatic shift in the cause of loss, with business email compromise accounting for a quarter of all data breaches. Somewhat worryingly, employee negligence levels have doubled, and we continue to see social engineering fraud as a cause of loss. The type of industry in the firing line has remained quite consistent. Professional services companies account for the highest number of claims with 22%, ahead of financial services with 15%.
GDPR is also having an impact, helping to drive up the cost of claims with companies being overly cautious in their reporting. The Information Commissioner's Office (ICO) has said that a third of incidents reported do not meet the threshold. While there were around 800 notifications to the ICO in the first year under GDPR, fewer than 10 fines were issued, but this should not be a signal for complacency, given the recent high-profile fines announced in the UK.
Looking ahead, with risks associated with geopolitical tensions, digital transformation, climate and environmental disruption expected to become harder to manage over the next three years, company directors need to maintain a 360-degree view of both established and emerging threats. Failure to do so could lead to severe operational, reputational and financial implications for them and their companies.
Focussing on internal education
In this current environment effective risk mitigation is key, as is making best use of D&O insurance to protect directors. We have already seen from this research that more needs to be done to ensure directors are aware of their liabilities and understand their D&O policies. There is also confusion about how D&O policies may respond, with 50% of survey participants unsure about whether policies pay out more in defence costs (this is the case), or for indemnity. With defence costs taking centre stage, it is concerning that only 18% of those surveyed are confident there is a clear process in place for who (which director) gets paid first under their policy. Significant payments of defence costs can lead to policy limit exhaustion without the right strategy.
Working with an experienced D&O insurer can also provide expert guidance regarding the claims process, insights to help reduce the personal exposure of individuals, tactics to contain costs and access to specialist knowledge when required.
For further information on best practice in managing D&O liability please see the Airmic technical guide, produced in partnership with AIG and Marsh.
Noona Barlow is head of International Financial Lines and UK Claims at AIG.
Read and understand the impact of the FRC's latest UK Corporate Governance Code
Identify and regularly review the potential new sources of the personal liability faced by the organisation's directors and officers
Engage the c-suite and the board from the beginning about D&O risk assessment and insurance issues
Design and communicate a clear notification and claims management process in the event of a claim
Review the risk profile, notification process and coverage as directors and officers change