Company directors and officers are increasingly exposed to emerging risks such as cyber incidents or data privacy, rising regulatory and shareholder activism and the influence of third party litigation funders, reports insurer Allianz Global Corporate & Specialty.
AGCS, a leading provider of directors’ and officers’ (D&O) liability insurance globally, says that corporate leaders are under more pressure than ever of falling foul of investigations, fines, or prosecution over alleged wrongdoing.
“Directors and officers are walking a managerial tightrope as executive liability continues to increase annually,” claim the authors of its newly-published report, ‘D&O Insurance Insights: Management liability today’. There is a growing trend towards seeking punitive and personal legal action against executives for failure to follow regulations and standards which could result in costly investigations, criminal prosecutions or civil litigation putting the company’s assets, or their own, at risk,
“While the legal landscape differs strongly from country to country, increasing shareholder or regulatory action has become a global phenomenon that needs to be given top priority within companies’ internal risk management departments,” says Bernard Poncin, AGCS’s global head of financial lines.
Litigation costs spiral
The group reports that non-compliance with laws and regulations was the top cause of D&O claims by number in the five years 2011 to 2016, followed by negligence and maladministration/lack of controls.
The average D&O claim for breach of duty costs over US$1m, although in large corporate liability cases D&O claims can be valued in the hundreds of millions of dollars. AGCS observes a general trend for D&O claims to be dismissed or resolved more slowly, meaning lengthier litigation, increased defence costs and higher settlement expectations.
As an example, the average US securities class action case takes from three to six years to complete while legal defence costs average around US$10m, rising to US$100m for the largest cases.
Over the past six years, defence costs in the US have almost doubled for large D&O claims. The influence of third party litigation funding is also changing the global litigation map, having become pivotal in the development of collective actions against financial institutions and commercial entities and their directors and officers.
Turning up the heat
Management in the UK could in future be prosecuted for failure to prevent fraud by staff. In a speech to the Cambridge International Symposium on Economic Crime last September, the Attorney General, Jeremy Wright, reiterated prime minister Theresa May’s priority of expanding economic opportunities – meaning businesses “of all sizes” should be better held accountable for their failures. He also restated the intention to consult on extending the criminal offence of ‘failure to prevent’ to other economic crimes, such as fraud and money laundering so that firms are properly held to account for criminal activity that takes place within them.
“If a new corporate offence of failing to prevent economic crime is introduced in the UK, it will represent a huge expansion in corporate criminal liability,” said Terry FitzGerald, AGCS’s head of commercial D&O and financial institutions, UK.
“Although these particular reforms are focused on corporate liability, there is, of course, a broader drive to hold individuals accountable in the event of criminal conduct or regulatory breaches at their companies. In recent years, increasing emphasis has been placed on personal accountability across all business sectors, with deferred prosecution agreements [DPAs] now a means to further increase cooperation with regulators and encourage best practice. Reform in this area could ultimately have a fundamental impact on the risks faced by senior executives.”
AGCS adds that the risks and potential liabilities of senior executives have never been greater, as litigation against companies and their officers increases. In the US, the number of security class action filings is rising and, after the first half of 2016 – when 119 new federal securities class action cases were filed – was on course for its highest annual total for 12 years.
Many Asian countries such as Japan, Hong Kong, Thailand and Singapore are also moving towards a more litigious culture. In Europe, the increase in D&O claims has been particularly evident in Germany where the number of D&O claims for AGCS alone has tripled in the past 20 years.
Cyber risks on the board agenda
The landscape for executives is further complicated by various emerging perils, such as liability around cyberattacks and data privacy. In the US, several class actions have already been filed related to data breaches. Data protection rules around the world are becoming increasingly tough, with severe penalties for non-compliance.
AGCS anticipates cyber security-related D&O litigation more widely in the US, but also in Europe, the Middle East and Australia should any failure to protect data or a lack of controls reveals negligence. “Many directors used to see cyber as an IT issue and not an exposure for the board to consider,” said Emy Donavan, AGCS’s regional head of cyber liability North America. “But there is no escaping cyber risks and directors need to be adequately informed, otherwise they will leave themselves exposed.”
Other new management risks include negative disclosures or allegations around environmental pollution, climate change and modern slavery, which could result in reputational risks and shareholder activism, public outcry or governmental action.
Merger and acquisition (M&A) deals continue to be a key driver of D&O litigation and is predicted to continue at rapid pace in future. “M&A, but also divestitures, belong to the more riskier moments in the life of a company,” says Poncin. “Expectations are always high, and synergies are easier planned than realised.”
Sophisticated risk management required
The report concludes that to tackle the increase in executive risk, directors need to develop a highly-sophisticated risk management culture. Examples include instilling first-class cyber and IT protection, keeping records of all information relevant to a managerial role and maintaining open communication with authorities, investors and employees.
Executives should ask tough questions about compliance related topics such as sanctions, embargoes, domicile registrations, price-fixing and fraud and also learn more about “classic” D&O exposures such as M&A, capital measures and initial public offerings (IPOs). The report contains best practice advice and checklists outlining how executives can mitigate risk.
D&O insurance has become a regular part of companies’ risk management in the past 20 years, says AGCS. It provides financial protection for managers against the consequences of actual or alleged “wrongful acts”. Common D&O risk scenarios include human resource (HR) issues, shareholder actions, reporting or disclosure errors. Coverage does not include fraudulent, criminal, or intentional non-compliant acts or cases where directors obtained illegal remuneration, or acted for personal profit.
When it comes to the relationship between Europe and Britain – uniformity isn’t a word that currently springs to mind. And that’s not just a reference to Brexit. Whilst the Europe and Britain do find themselves in the midst of a political break-up – their monetary policies are also showing signs of divergence.
Europe’s introduction of the General Data Protection Regulation (GDPR) next May will have implications for businesses around the world and US corporates should start getting ready if they haven’t already done so.
The recent NotPetya cyberattack underlined the need for organisations to address their exposure and how to mitigate the risk.
As anticipated, US organisations exited prime money market funds en masse following last year’s SEC reforms. AFP’s latest Liquidity Survey indicates what it will take to encourage them back.