The purpose of this Airmic guide is to consider:
Much has changed since the Airmic Guide to Directors and Officer Insurance was published in 2012. The risk environment internally and externally has changed materially in recent years and continues to change at an escalating pace. Specifically, more demanding governance responsibilities, new regulations and evolving risk challenges have informed this new and updated Guide. The risk manager must address a world of more complex and connected risks and the challenges this presents.
Risk managers, especially those operating in a multinational environment, face a growing raft of compliance responsibilities, indicative of an increasingly unforgiving regulatory environment. Investigations are taking longer, fines and penalties are rising and in many instances, regulators have demonstrated their ability to work together across borders to achieve significant outcomes.
Where regulators have limited resources, whistle-blowing and self-reporting are being encouraged. In the UK, Deferred Prosecution Agreements (DPAs) were introduced by the Crime and Courts Act 2013 as a means through which an organisation could avoid prosecution for economic offences by entering into an agreement on negotiated terms. However, such self-reporting does not protect directors and officers from future prosecution (see case study box).
Since the Global Financial Crisis (GFC), there has been increased scrutiny on the decisions and culpability of senior management. Post-crisis there was a sense that the individuals behind the problems leading to the crisis had not been held to account. Since that time, regulators such as the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) in the US, and the Financial Conduct Authority (FCA) in the UK have indicated an intent to focus more on the activities of individuals.
One of the more common questions for senior managers in the post-GFC world is whether sufficient systems and controls are in place to prevent wrongdoing or errors from occurring. This has been enshrined within new laws.
In the UK, for instance, the Senior Managers Regime published by the FCA requires senior individuals within financial institutions to demonstrate they are taking reasonable steps to do the right thing. Proposals are currently underway to extend the regime to nearly all regulated firms. In the US, the Yates Memo published by the DOJ focuses on individual misconduct in corporate organisations. Recent company failures have also put senior management conduct in the spotlight.
Data Protection law also comprehensively changed when the European Union General Data Protection Regulation (GDPR) came into force in 2018. The purpose of the law is to protect individual privacy by placing increased responsibility on organisations that collect, store or use personal data relating to EU and UK citizens. To ensure that data protection becomes a board-level issue, the penalties for non-compliance are strict - up to 4 per cent of global turnover. In the event of non-compliance, as well as a company’s reputation being at stake, its directors could face criminal charges, or suits from company shareholders alleging that they failed to exercise reasonable care and diligence.
More generally, shareholder plaintiffs are using a company’s cybersecurity practices as a foundation for asserting allegations against the company’s directors and officers in the wake of a data breach disclosure and a corresponding drop in the company’s stock price.
While the tort environment remains the most punishing in the US, litigiousness is spreading globally, evidenced by the latest wave of collective actions across Europe. In 2013, the European Commission published a recommendation that those Member States that had not yet done so adopt a framework for collective redress by no later than 11 June 2018.
Claims statistics show a steady rise of ex-US shareholder action against European directors and officers. This is partly driven by an increase in litigation funding throughout Europe, which migrated from Australia, where it has been very successful. Litigation funding is provided to claimants in return for either a multiple of the funds advanced or a percentage of recovery, if the litigation or arbitration is successful.
Litigation funding has been behind some of the largest non-US D&O claims in recent years. The net effect is that, if claimants have a strong case, it is much easier (and less risky) for them to pursue claims. There is also potentially an increase in claims severity, as funder-supported claimants are more likely to pursue companies and their directors more aggressively.
Meanwhile, an era of social media and instant communication can make or break reputations or send share prices spiralling. The new Gender Pay Gap reporting rules may also have an impact on a company’s reputation (see Gender Pay Gap Reporting Box). This, along with the rise of activist shareholders, litigation funders and collective action frameworks, is producing enhanced exposures for companies and their directors. In addition, issues arising from mergers and acquisitions (M&A), employment liability and cyber risks mean directors and officers of organisations are exposed to litigation in a way they were not in the past.
The FRC Corporate Governance Code places the onus firmly on the board of directors to set the appropriate tone for their organisation and to take on greater personal accountability. Issues such as risk and company viability, workforce interaction, culture, executive pay, board composition and duration of board tenure have risen up the agenda and all the while the corporate world continues its steady march towards a more globalised and interconnected operating environment.
In this more complex, uncertain and risky world, organisations are less immune from global upheavals on the other side of the world. Multinational exposures have never been more relevant to management liability and there has never been a greater need for consistency in an organisation’s global approach to managing, mitigating and transferring their management liability risks.
By partnering with AIG and Marsh to produce the guide, Airmic intends to equip risk managers with the information, tools and guidance they need to address the liabilities of the directors and officers of their organisation.