Risks facing directors & officers


Financier Worldwide Magazine

August 2014 Issue

August 2014 Issue

D&Os were traditionally shielded from personal liability for decisions taken in relation to the company, but a changing legal and regulatory environment means they can no longer hide behind the firm. Today’s D&Os face liabilities arising from investigations by increasingly active regulators; new legislation which imposes personal liability in a variety of contexts; increased shareholder activism; and claims brought by clients and customers, who are more likely to take action.

Snow: In what ways are the pressures exerted by regulators, creditors, customers and suppliers increasing the personal risks for D&Os in today’s business world?

Bouwman: The enlightened shareholder value approach is still largely accepted in most jurisdictions, in terms of which directors are required to act in the best interests of the company, and in so doing, their primary duty is to look after the collective interests of the shareholders. The interest of other stakeholders – such as employees, creditors, customers and suppliers – may be taken into account where this would ultimately be in the best interest of shareholders. There is, however, a growing trend for the actions of directors to be the subject of greater scrutiny by other stakeholders. In South Africa, for instance, a number of provisions in the South African Companies Act creates significant rights of oversight and participation in favour of employees and trade unions. Regulators such as the competition authorities and the courts may also in future play a greater role to enforce stakeholder interests.

Flockhart: Today’s legal and regulatory climate means that D&Os face greater scrutiny than ever before. D&Os face potential liabilities arising from investigations by increasingly active regulators; new legislation which can impose personal liability on directors or officers in a variety of contexts; increased shareholder activism, which has in recent years led to an increase in claims being brought against D&Os for breaches of duty; and claims brought by third parties, such as customers or clients of companies, who are increasingly willing to take action against those companies and the individuals who control them. This trend looks set to continue, particularly given the recent implementation of new collective redress mechanisms in a number of jurisdictions.

Dentice: Historically, the law has protected D&Os from personal liability for decisions taken in relation to the company. It has been a traditional principle that a company is a separate legal entity and that D&Os generally only owe duties to the company, not to shareholders and other third parties. This has meant that only the company can take action against D&Os for any breach of duty, and any damages recovered will be paid to the company. In recent years, however, we have increasingly seen new regulatory duties imposed directly upon D&Os and new avenues created by which D&Os may face civil claims from third parties including creditors, customers and suppliers. It is no longer as easy for D&Os to protect themselves behind the edifice of the company.

Feifel: In general, German law imposes a direct personal liability on D&Os for financial losses both as a consequence of decisions that cause harm to third parties, known as Aussenhaftung, as well as for damage done to the company itself, known as Innenhaftung. Oftentimes, German D&O claims are brought forward by the supervisory board members against the management board – known as insured vs. insured claims – because interpretation of the German law is that there is a legal duty for the supervisory board to sue executive directors if there is evidence of any breach of duty resulting in a financial loss to the company. Moreover, insolvency administrators and liquidators often try to enforce indemnification claims. Investigations relating to criminal proceedings are constantly increasing, which often have the potential to result in D&O claims at a later stage.

Morrison: Pressures from these constituencies have existed for years. The types of pressures and focus, however, tend to change over time. Today, for example, following the passage of Dodd-Frank, shareholders can voice their views concerning executive compensation through non-binding, advisory votes. Although non-binding, these ‘say-on-pay’ votes sometimes can result in litigation in which plaintiff shareholders allege that directors failed to properly disclose material information relating to the request for the advisory shareholder action concerning executive compensation. In addition, Dodd-Frank gave power to the Consumer Financial Protection Bureau (CFPB) to attempt to bring actions against directors and officers of non-depository institutions for alleged violations of consumer protection laws. These actions have included, for example, allegations of payments of unlawful bonuses to loan officers and to collecting loans in a manner that violated state laws.

Bark: The historic economic crisis that emanated from the financial collapse in 2008/09 has dramatically changed the way third parties perceive the responsibilities of D&Os. There is a much more direct correlation between the acts of D&Os, or the lack thereof, and the potential liability. Obviously, whenever people are losing money they go directly after the ones they believe are responsible for the loss or that have deep pockets. The most dramatic change, however, can be observed in the way regulators respond. There are mainly three trends that can be observed. First, regulators target individuals rather than only the legal entity. Second, regulators are more determined to achieve a punishment as they are now equipped with much more effective tools. Finally, regulators go international and collaborate across borders as much as the companies which they are watching over do.

The area where we see the strongest increase in new claims is in relation to regulatory investigations. This trend is likely to continue.
— Dominik Bark

Snow: Have any major themes underpinned recent claims against D&Os? What are some of the key sources of such claims?

Flockhart: Increased regulatory scrutiny is probably the most important development affecting the D&O claims landscape. Regulators are increasingly willing to take enforcement action against individual D&Os for alleged breaches of regulatory obligations. This is one of the legacies of the global financial crisis – a shift in public opinion has meant that, as well as punishing organisations, justice must be seen to be done to the people who control those organisations. The costs of defending regulatory enforcement actions can be very high and a director or officer will look to his or her D&O insurance cover to meet these costs.

Dentice: Most commonly, private law claims against D&Os will arise when a company is placed into liquidation or when there is a dispute between major shareholders. In the former case, a liquidator will assume control of the company and that liquidator will have a duty to assess the company’s rights of action against former D&Os and, if necessary, enforce those rights to recover money for the company’s creditors. In the latter case, a well-funded shareholder will often try to protect their commercial interests or exert pressure by threatening or taking a derivative action on behalf of the company against the company’s D&Os, notwithstanding that any damages recovered from the D&Os will be paid to the company. With the changes in the legal environment, there are now a variety of new ways in which private law claims against D&Os may be expected to arise. There is also now a wide range of possible regulatory action which may be brought against D&Os.

Feifel: It is difficult to provide a consistent answer here due to a lack of information available in the public domain; in most claims the parties involved reach an agreement. In general, regulation seems to be closely accompanied by a culture of increasing litigation, as it has become more popular in Germany to bring forward D&O claims not only in large, stock-traded companies. According to figures published by insurance company Markel, D&O claims are estimated to have risen from under €1bn in 2000-2001 to €3.5bn in 2013-2014. It needs to be kept in mind that there is always potential for internal recourse against insured persons through insured vs. insured claims, for fines having been imposed on the company.

Morrison: The Securities and Exchange Commission (SEC) recently has commenced enforcement actions against former audit committee chairpersons at several companies, focusing on director oversight responsibilities. Moreover, the SEC previously has noted that “risk oversight is a key competence of the board”. Thus, directors’ discharge of their fiduciary duties to oversee the company remains a theme for regulators and shareholders alike. The sources of such claims sometimes are found in fiduciary duty corporate law, or potentially the federal securities laws in connection with claims of recklessness.

Bark: The economic crisis resulted in a strong increase in company bankruptcies. This remains understandably the number one cause for D&O claims. Those can come in the form of securities class actions and have a severe financial impact on the individual D&Os and the company as well. In most cases the company won’t be able to indemnify its D&Os, which illustrates the importance of risk transfer. Next to that we see more shareholder derivative actions on behalf of the company targeting D&Os, which again results in a situation where the company will not be able to indemnify its D&Os. The amount of claims emanating from M&A activity remains high as shareholders feel misrepresented in selling or acquiring assets – especially in situations where a company has to sell assets fast in order to stay afloat. The area where we see the strongest increase in new claims is in relation to regulatory investigations. This trend is likely to continue.

Bouwman: Regulatory or court oversight is likely to become more prominent as two recent examples have shown. A director of a mining company was held personally liable as a result of environmental degradation and non-compliance with rehabilitation measures by the company. The director was given a sentence of five years’ imprisonment which was suspended for a period of five years on condition the director rehabilitates all the areas which were damaged by these mining activities within a period of six months. In another matter, a major construction company has, during the past year, been found liable for anticompetitive behaviour and fined by the competition authorities. The company involved has subsequently indicated it was in the process of assessing potential claims by the company against the responsible directors.

At least two decisions in 2014 from the Delaware Court of Chancery have permitted lawsuits alleging breaches of the fiduciary duty of loyalty to proceed to trial.
— Peter B. Morrison

Snow: Could you outline some of the ways in which the personal risk to D&Os have changed in recent years? What ‘new’ or emerging risks have entered the frame?

Dentice: One way in which the risks to D&Os are expanding is that the legislature is imposing new regulatory duties directly upon D&Os coupled with a right for third parties to claim for damages for any breach of those regulatory duties. For example, the new statutory regime requiring listed companies to disclose price sensitive information requires D&Os to ensure that proper safeguards exist to prevent the company breaching its disclosure obligations. D&Os who breach that obligation may face regulatory action in the Market Misconduct Tribunal or a private law claim for damages from any party who suffers loss as a consequence. Another way in which the risks to D&Os are expanding is that the legislature is creating new civil tribunals in which regulatory breaches may be ‘prosecuted’, such as the Market Misconduct Tribunal and the Competition Tribunal, where it is easier for the regulator to secure a ‘conviction’ and the imposition of penalties than the criminal courts.

Feifel: Apart from the rapidly changing regulatory environment, German D&O policies might not provide sufficient cover for cyber related risks which result from malicious intrusions due to employee negligence. Also, it can be challenging to foresee decisions made in this jurisdiction. Under German law an insurer can avoid insurance coverage on the grounds of deceit upon contract conclusion. As coverage denial has severe consequences for the insured persons, D&O insurers waive the right to avoid on the grounds of deceit in different ways in favour of the insured persons. In two decisions issued in 2011, the Federal Court of Justice determined for a different kind of insurance that the insurer may not waive the right to deny coverage on the grounds of deceit in advance. Against the backdrop of these new decisions, the question arises as to whether the market-standard waiver clause used in most D&O policies is effective and whether coverage is ensured for the insured persons in case of avoidance on the grounds of deceit.

Morrison: One emerging risk may involve cybersecurity. SEC Commissioner Luis A. Aguilar recently advised corporate boards to address cybersecurity, and that corporations fail to do so “at their own peril”. Noting recent cyber attacks at Target, Adobe and Snapchat, Aguilar cautioned that failure to implement a system to protect a company from cyber threats creates potential exposure. In fact, shareholder plaintiffs have already filed derivative lawsuits against officers and directors concerning alleged deficient cybersecurity systems.

Bark: In a very recent survey we undertook with a large number of financial institutions, the second most perceived risk to a company was cyber risk, closely after the risk of potential changes in regulation. The technological environment is changing faster than ever and represents a threat to companies and a clear increase in personal risk to D&Os. D&Os must ensure that their organisation complies with the different data privacy regulations across all the territories and jurisdictions in which they operate. The full extent of the implications of a data privacy breach on D&Os is yet to be determined. However, seeing the potential negative impact on the reputation of a company, and consequently on the valuation of a company, D&Os need to be watchful. This emerging risk is unique in that it potentially touches many different third party and first party insurance covers.

Bouwman: The global economic climate has led to increased corporate failures and increased demands by stakeholders for corporations to apply good corporate governance. Coupled with this, greater disclosure requirements and enhanced remedies for a greater number of stakeholders have had a cumulative effect, increasing the potential for personal liability of directors. D&Os are under increased pressure to balance a greater number of stakeholder interests in circumstances where such interests are not aligned, and sometimes diametrically opposed. In addition, legislators and courts are more willing to treat certain categories of senior management exactly the same as directors for purposes of assessing duties and liability.

Flockhart: The key development in recent years is that legal and regulatory obligations are being placed on D&Os which are even more stringent than before. An example of this development is the proposed new Senior Persons regime in the UK. This will hold senior executives of regulated entities to an even higher regulatory standard than is currently in place. Senior executives will, for example, be held personally responsible for failings of the departments which they head up. In England & Wales, we are also seeing the implementation of a new criminal offence of ‘reckless misconduct in the management of a bank’, of which senior executives of financial institutions will need to be aware.

Many companies make great efforts to ensure that their D&Os are familiar with their legal obligations and devote considerable resources to legal and regulatory compliance.
— Nathan Dentice

Snow: Have you seen any recent legal and regulatory changes that will affect the personal risks to D&Os?

Feifel: Over the last 20 years, the legal environment for D&Os in Germany has changed dramatically. Although it was uncommon in the 1980s to hold D&Os liable for wrongful acts, this has changed in recent years. Also, the financial crisis after 2008 resulted in an extensive public debate about the responsibilities of D&Os and in increased legislative and regulatory activities; there are currently about 84,000 laws and regulations in place, according to Markel. Out of the many laws which have been passed since 1990 it is worth highlighting that in 2009 the Bundestag enacted the Act on the Adequacy of Managerial Salaries. This Act imposes the requirement that stock corporations purchasing D&O insurance for their executives must impose a personal deductible to be borne by the directors in an amount which equals at least 10 percent of the relevant loss, up to an annual cap.

Morrison: Historically, many lawsuits asserting that a board of directors breached its fiduciary duty of loyalty have not survived the pleading stage, much less the summary judgment stage of a litigation. At least two decisions in 2014 from the Delaware Court of Chancery, however, have permitted lawsuits alleging breaches of the fiduciary duty of loyalty to proceed to trial, denying the board’s summary judgment motions. On the regulatory side, although the Second Circuit recently held that courts generally cannot force admissions of liability as a condition of settlements, the SEC still has expressed a willingness to require admissions of guilt in appropriate cases. In fact, since SEC Chair Mary Jo White’s announcement in 2013 of the SEC’s position concerning admissions, at least eight such settlements have been entered into. In a recent interview, the SEC Head of Enforcement said that the SEC has other investigations where it may require admissions “coming down the pike, and over time [the SEC] could see more”.

Bark: Last year’s announcement by the SEC to move away from the ‘neither admit nor deny’ policy toward a policy of actively seeking admission of wrongdoing, as a condition to settlement, has a significant impact on D&Os. Another catalyst for additional investigations into companies and against individuals is the whistleblower provision of the Dodd-Franck Act which not only protects whistleblowers but incentivises individuals to come forward. A good example of a smaller change in regulation is the relatively new Conflict Minerals Rule. Those smaller changes are often off-radar but can certainly result in personal liability for D&Os. This rule, for instance, requires companies listed in the US to disclose the source of certain rare minerals with the aim of fighting human rights violations. In February 2014 the UK has allowed its prosecutors to use deferred prosecution agreements (DPAs), which are a form of corporate settlement, allowing the corporation being investigated to admit wrongdoing, and, in doing so, avoid a criminal trial and potential conviction. However, it is limited to legal entities and does exclude individuals, who remain exposed to prosecution.

Bouwman: The most important legal change that will affect the personal risks to D&Os is the enactment of the South African Companies Act three years ago, which codifies the duties and liability of D&Os.  This legislation is expected to become a major source for jurisprudential development by the courts over the years to come.  Specific legislation which will increase compliance risks on companies, and indirectly on D&Os also includes the Consumer Protection Act and the Protection of Personal Information Act, which creates protection for the commercial and personal information interests of concerned parties.     

Flockhart: The UK’s new Senior Persons regime is a good example of greater responsibilities being placed on the shoulders of individuals from a regulatory point of view. In addition, recent legislation, including the Bribery Act 2010, imposes new obligations on D&Os in the area of anti-corruption. Finally, one area to look out for over the next few years is data protection and cybersecurity. If the proposed new General Data Protection Regulation is implemented in the EU, data protection regulators will have much greater power to impose heavy sanctions against companies for breaches of their data protection obligations. For example, if the board of a company has not put appropriate cybersecurity measures in place, which leads to the company being fined, then this can in turn lead to members of the board being at risk of a shareholder claim being brought against them for breach of duty.

Dentice: There are a variety of ways in which legal and regulatory changes are expanding the range of personal risks to D&Os. These developments are likely to continue, as the current trend is very much to make D&Os more accountable for their decisions, particularly when those decisions may affect investors, creditors and consumers. We are entering an age of increasing regulation in almost all areas of commercial life and it will be a long time before this trend reverses.

Snow: In your opinion, are D&Os doing enough to manage the potential risks and liabilities that threaten their company’s value, as well as their own reputation? Is risk awareness growing?

Morrison: Risk management systems vary from company to company, depending on various factors including company size and regulatory environment, among others. While there is no one-size-fits-all to risk management, many boards and companies have made significant investments in this area. For example, it has been reported that Wells Fargo has a risk management department with 2300 employees, and an annual budget of $500m. While most companies do not require quite this level of investment, ensuring appropriate risk management systems within a corporation can assist D&Os in managing anticipated, as well as emerging, threats to the corporation.

Bark: Enterprise risk management and corporate governance are increasingly important and are definitely getting much more attention than 10 years ago. Ultimately, you can never do enough as uncertainty will persist. Companies will apply a cost benefit analysis when deciding whether to invest further in these areas. D&Os are aware of the threat of liability against the company and themselves. It really becomes a race against changes in regulation, and hence a fight to stay ahead of the curve, or at least not far behind it. Large corporate scandals and a loss of trust in entire industries don’t help in that sense, as regulators will demonstrate even greater scrutiny.

Bouwman: There is currently a greater awareness of the risk. Initially, risk management was undertaken, especially by large public corporations, but more recently this risk awareness appears to be growing in other corporate entities. However, with regard to legal and governance risk, some of the more technical aspects of corporate law may not always be fully appreciated by D&Os, and this highlights the absolute necessity for D&Os to take the required advice. Earlier this year, the CEO of a major telecoms company was ordered by the South African Companies and Intellectual Property Commission – being the relevant regulator for companies – to attend a course in corporate governance in circumstances where the company had granted a loan to one of its directors without obtaining the necessary resolutions in terms of the Companies Act.

Flockhart: The most important step in this process is for D&Os to be as well-informed as possible about the potential risks and liabilities which they – and the company which they represent – may face in a particular commercial context. At the moment, many company boards are not well enough informed in this area and this can lead to liabilities for the D&Os themselves as well as the company. To give a couple of examples, many D&Os may not be aware that liability can in certain circumstances be ascribed to both the company and to individual directors and officers under the Bribery Act 2010 for corruption offences and the Enterprise Act 2002 for offences relating to anti-competitive behaviour. This lack of awareness continues, despite the fact that the liabilities arising from both Acts can be very significant.

Dentice: Many companies make great efforts to ensure that their D&Os are familiar with their legal obligations and devote considerable resources to legal and regulatory compliance. Such companies tend to have sound internal procedures and controls, and to manage their risks and liabilities well. However, there are other companies which are not good at managing potential risks and liabilities, whether due to a lack of resources or a lack of knowledge. In some cases, particularly where companies are operating in a highly litigious or highly regulated environment, such companies are almost an accident waiting to happen. However, risk awareness is definitely growing and the information and tools available to companies to help them manage risks are improving.

Feifel: Risk awareness among management boards is growing and developments are in progress. New risks are emerging and the regulatory environment is changing rapidly. As such, companies and their D&Os will face further challenges regarding their potential personal liability in the future.

D&Os involved in transactions need to be aware of the fact that in a typical M&A transaction, the seller company – and with it its D&O policy – will cease to exist upon closing.
— Michael Feifel

Snow: Mergers and acquisitions present a wide array of potential pitfalls. What advice can you give to D&Os undertaking M&A, in terms of protecting themselves from personal liabilities connected to the transaction?

Bark: It is important to engage with legal counsel ahead of time in order to understand the exposures, which can be quite substantial. D&Os should fully understand that a fiduciary duty is attached to any acquisition and a detailed due diligence on their behalf is of utmost importance. Second, a D&O should have a close look at the existing indemnification policy of its employer. Finally, as a D&O, you want to get a very good understanding of the existing D&O policy and how it responds in the event of an acquisition. There is the exposure to claims resulting from wrongful acts that occurred prior the acquisition date, for which the existing D&O policy should respond and turn into a so-called run-off to continue providing cover, even after the acquisition. For those wrongful acts committed after the date, you should have a new cover in place. The key is to understand whether the current D&Os will share that existing limit with the new D&Os joining them via the acquisition.

Bouwman: Where the company is acquiring assets, it is extremely important that proper due diligence be performed. Coupled with this, it is essential that reputable advisers be appointed in order to assist in this regard, as directors are generally entitled to rely on expert advice, provided that such reliance is reasonably warranted by the expertise of the person concerned. Insofar as insurance is concerned, the directors should ensure that any insurance they may have covers the type of transaction undertaken and the risks that will arise in the circumstances, as certain types of transactions may be excluded from cover. Where the transaction is particularly large or strategic, special insurance for the vendor or purchaser should be considered in order to protect the parties to the transaction and also, indirectly, the D&Os concerned.

Flockhart: A director or officer of a company involved in M&A activity is in a high-risk position. Directors who approve an M&A transaction on behalf of a target company could be sued by the shareholders of the target if those shareholders perceive that they have been disadvantaged in any way. Directors may also be sued post-acquisition by the acquiring company, in respect of alleged misrepresentations or misleading statements made during the course of the acquisition process. It is therefore vitally important for D&Os to check their D&O insurance wording to ensure it provides cover for any claims which might arise out of mergers or acquisitions. For example, many policies will exclude cover for certain types of merger or acquisition – for example, if the deal has a US angle. Also, policies often require the policyholder to inform insurers that a merger or acquisition is taking place before cover can be provided in respect of claims arising from that merger or acquisition – and insurers may reserve the right to charge extra premium or amend the terms of the policy before cover is provided. The liabilities which arise out of M&A can be very large, so the importance of checking the D&O insurance coverage position cannot be underestimated.

Dentice: Mergers and acquisitions certainly present a wide array of pitfalls. The nature and circumstances surrounding each such transaction will be different and the best advice for D&Os is to get good legal advice in relation to the proposed transaction, early. Such legal advice should cover the procedure to be followed for the transaction – including confidentiality arrangements and the due diligence process – the terms of the transaction and how those terms should be documented, and the steps which need to be taken for compliance with relevant regulatory obligations. Getting good legal help at the start will help prevent serious problems arising later.

Feifel: A detailed and thorough due diligence exercise is crucial in order to adequately and appropriately assess the risks related to an M&A deal. Otherwise and generally speaking, an M&A transaction may easily give rise to the acting D&Os’ personal liability. Furthermore, D&Os involved in transactions need to be aware of the fact that in a typical M&A transaction, the seller company – and with it its D&O policy – will cease to exist upon closing. Therefore, they must consider putting in place runoff insurance coverage in favour of the selling entity’s D&Os to provide cover for wrongful acts which might have occurred prior to closing. Additionally, steps may need to be taken to ensure that the newly-acquired entity is covered under the buyer’s D&O policy for wrongful acts that occur after the deal closes. Also, Warranty & Indemnity policies that provide cover for unknown breaches of warranties can be a suitable tool for D&Os to mitigate deal related risks. Under most SPAs, sellers give warranties to the buyer on a broad range of matters about the target, such as title to shares, property, employment, tax, intellectual property and other commercial matters. Warranty & Indemnity insurance is an insurance solution which provides protection to either the seller or the buyer against breaches of the warranties and indemnities being given by the seller.

Morrison: In 2013, as has been reported, 97.5 percent of takeovers with a value in excess of $100m resulted in shareholder litigation. This compares to 91.7 percent in 2012, and only 39.3 percent in 2005. Some have described these types of shareholder suits as a so-called ‘litigation tax’ on the transaction because 85 percent of such suits are settled on the basis of certain additional disclosure in the company’s public filings and the payment of a plaintiffs’ attorneys’ fee. To protect themselves in these situations, D&Os should maintain a strong process, documented with board minutes and presentations, as appropriate, request and receive advice from independent advisers, such as bankers and attorneys, as appropriate, as well as focus on making the appropriate public disclosure concerning the transaction. D&Os should also ensure adequate director and officer insurance in connection with such lawsuits.

Increased regulatory scrutiny of D&Os means that cover for investigation costs is now a very important part of D&O insurance cover.
— Ffion Flockhart

Snow: What impact are increased regulations, penalties and settlement figures having on the costs associated with defending claims against D&Os?

Flockhart: The costs involved in retaining legal representation throughout a regulatory investigation can be very high and increased regulatory scrutiny of D&Os means that cover for investigation costs is now a very important part of D&O insurance cover. This is particularly the case in the financial services sector, where heightened regulatory focus has led to more D&O insurance claims being made by or on behalf of the D&Os of financial institutions, particularly in respect of investigation costs. However, it is important to note that while cover for investigation costs will provide vital protection to D&Os, many of the penalties which D&Os may incur will not be insurable, such as fines imposed by the FCA. In these circumstances, an indemnity from the company to a director or officer is also unlikely to respond, so the director or officer will be without any form of protection.

Dentice: Defending legal claims in Hong Kong has always been a costly exercise. A factor which is increasing potential legal costs is the legislature’s new practice of creating new civil tribunals in which regulatory breaches may be ‘prosecuted’, such as the Market Misconduct Tribunal and the Competition Tribunal, where it is easier for the regulator to secure a ‘conviction’ and the imposition of penalties than the criminal courts. Legal costs in civil cases are generally higher than in criminal cases, and the loser is usually required to pay the legal costs of the winner. A director or officer who is on the wrong end of a civil case brought by the regulator will therefore find themselves with large legal bills to pay in order to defend the case and a potential liability for the legal costs of the regulator if they lose which may dwarf the amount of any damages or penalties.

Feifel: As the number of D&O claims increases due to extended regulation, the costs associated with the defence of these claims increases as well. In particular, defence costs in the US have reached a high level as a result of the significant amounts of indemnification. Also, as a consequence of recent jurisprudence there is currently a discussion in Germany as to what degree a D&O insurer has to provide defence coverage independently of the insured limit. This could further increase costs.

Morrison: Increased regulatory and legal risk results in increased compliance and litigation costs. Of note, however, over the last several years, regulators, litigants and some judges in certain instances have sought contributions from D&Os personally, as opposed to from the company or insurers, in settlement agreements. Thus, in addition to ensuring robust D&O liability insurance and modern, comprehensive indemnity bylaw provisions, corporate leaders should consider their companies’ enterprise risk management systems to help identify issues as they arise, and hopefully, limit the cost of defending claims later.

Bark: Generally we see the part of the defence costs increasing in relation to the ultimate damages being paid. There are a few reasons for this. Litigation can involve multiple law firms across multiple jurisdictions, so costs are quickly rising. Another reason for defence costs going up is the actual length of litigation. Studies also show that settlements tend to be higher the longer the litigation proceeds. Another cost driver is electronic discovery which takes place when investigating the actual claim. These costs add up swiftly and increase the overall amount.

Snow: How important is D&O liability insurance as a tool to mitigate the personal risks to board members? How have D&O insurance policies evolved to meet the needs of corporate leaders and their companies over the last few years?

Dentice: D&O insurance has always been an important tool to protect D&Os against personal liability. However, such insurance is not a substitute for D&Os understanding and endeavouring to comply with their legal and regulatory obligations – for example, it cannot repair damage to a company’s reputation caused by a legal dispute or protect a director or officer from the consequences of a serious regulatory breach. It therefore should be seen as one element in a properly constructed risk management framework. As the threat of regulatory action has increased over recent years, we are seeing new insurance policies which cover the costs of responding to regulatory investigations. This is something which D&Os in highly regulated areas should consider.

Feifel: D&O liability insurance has become and will remain very important. However, there are cases where insured persons are disappointed to see how D&O policies work in the event of a claim. It is therefore important to understand how policies work and which scenarios are covered and which are not. Due to a very competitive market, cover under D&O policies has become broader in recent years. Also, special products have been developed to mirror regulatory and legal changes – for example, Select, Contingent, TwoTierTrigger, VorstAG – by way of personal deductible, personal D&O policies. However, it is worth mentioning that there is no practical experience with these new types of products.

Morrison: Simply put, D&O liability insurance is critical. In this regard, insurance policies have evolved over the years to help meet the changing needs of corporate leaders, including offering a wide range of riders and additional ‘Side A’ coverage. For example, some insurance providers now market coverage for investigatory proceedings relating to securities violations and pre-suit/pre-claim investigatory costs, civil monetary penalties, and Side A Difference in Condition coverage, among others. Prudent D&Os will make sure their companies have a robust D&O liability insurance policy, along with broad, mandatory indemnification protections.

Bark: D&O insurance is really the safety net for D&Os, but a sound enterprise risk management and corporate governance framework is incremental and needs to be at the forefront. Of course, D&O insurance is an absolute must in today’s environment. Most companies would struggle to attract top talent without having a D&O insurance program in place. Even though most companies have sound indemnification policies, indemnification might not be possible due to legislation or a lack of available funds. In these cases, risk transfer with the use of D&O insurance is the only protection for individuals. D&O insurance is a dynamic product, and is constantly evolving. Within a few years we have seen policy forms that are easier to read, shorter and make the product more understandable and accessible, including for smaller companies.

Bouwman: D&O insurance is a very important part of managing risk but it should not been seen as a panacea to the entire problem.  Making sure that a risk management framework is designed and implemented holistically means that risk awareness, training and monitoring are just as important as having the right insurance.  Having said that, with an increasingly complicated economic and business environment with numerous risks, D&O insurance performs a critical role in assuring that the right calibre of persons are willing to be appointed as D&Os and that they are adequately protected in circumstances where the risk management framework otherwise fails.

Flockhart: D&O insurance is a vital tool in mitigating the potential risks and liabilities facing board members. D&O insurance can cover a broad range of costs and liabilities which the director or officer would otherwise need to bear personally. In many situations, board members will obtain an indemnity from the company to cover liabilities which they incur in the context of their appointment. However, there are limits to the circumstances in which an indemnity can respond – for example, an indemnity will not be enforceable if a claim is successfully brought against a board member by the company itself – and an indemnity will be of little use if the company is insolvent. In terms of the evolution of D&O insurance, there has been a lot of innovation in recent years in respect of the cover provided. This is a response to the increased legal and regulatory scrutiny which has been placed on D&Os. For example, as well as an increased emphasis on cover for the costs of regulatory investigations, we are now also seeing cover being provided for personal expenses should a director or officer lose their assets or have them frozen as a result of legal or regulatory actions being taken against them. This is a welcome development from an insured’s perspective and highlights the scale of the risks which D&Os now face.

D&O insurance performs a critical role in assuring that the right calibre of persons are willing to be appointed as D&Os and that they are adequately protected in circumstances where the risk management framework otherwise fails.
— Jan Bouwman

Snow: What is your advice to companies and their D&Os when assessing the terms, coverage and pricing of a D&O policy?

Dentice: The pricing of D&O policies in Hong Kong is very reasonable, possibly reflecting the fact that insurers are yet to fully factor into their pricing the new risks that D&Os face. The best advice for D&Os when assessing the terms, coverage and pricing of a D&O policy is to consider the nature of their activities and the potential risks they face, and then to ensure that the D&O policy provides adequate coverage in respect of those risks. There is no point having a D&O policy which excludes the most likely claims which may be made against a director or officer, or which is capped at a level far below the likely extent of any liability. D&Os should also make sure they are aware of conditions on coverage, such as time limits for making claims, and ensure that these are reasonable.

Feifel: Particular attention should be paid to the choice of D&O carrier and the insurance terms and conditions. It is crucial to choose the right D&O carrier with experience in terms of commercial underwriting and claims handling. We would strongly recommend having an experienced broker or other adviser undertake a benchmark for suitable D&O limits and identify the appropriate D&O risk carrier. Pricing should not be the first corner point as D&O pricing is still at a low level. Companies facing a difficult financial situation should consider a meeting with the preferred D&O carrier in order to explain financial data, company history and future developments. A restrictive D&O underwriting can be avoided when detailed risk information and an insight into branch of business and market developments are provided. D&O wordings are usually offered in broad forms, including many additional cost positions, but nevertheless it is important to pay attention to the main insured contents and exclusions.

Morrison: When shopping for D&O policies, D&Os should focus on the scope of, and the exclusions from, the policy’s coverage to ensure that the policy’s coverage reaches areas of potential concern. Using a respected and experienced broker can help tremendously in this process. While a bylaw’s broad indemnification provision helps protect D&Os from personal risk, in many jurisdictions companies may be prohibited from indemnifying officers and directors under the law where there has been a finding of disloyalty or intent. Additionally, when directors or officers leave a corporation, a future board may revise its bylaws leaving the former officer or director without indemnification or advancement of legal fees. A robust D&O policy, including Side A coverage, can help to mitigate these risks.

Bark: First of all, I would recommend that all D&Os read their existing insurance policy and not leave this task to the risk manager alone. In the end it is the one insurance product that protects the D&Os’ personal assets, and not knowing what is really covered is not a good starting point. Second, define your needs: are you a small organisation searching a price driven solution, or a multinational corporation that needs a cross-border compliant solution provided by a large, experienced and financially strong insurance company, combined with claims services available in all countries where you operate? The insurer should have significant experience in handling D&O claims, as this is the ultimate value for the customer. Lastly, alongside the company’s in-house counsel and risk manager, engage with a well-established insurance broker as a consultant that can help to compare the different insurance quotes and policy forms available.

Bouwman: In terms of the relevant legislation, companies may indemnify D&Os against any claims in relation to their duties save for certain limited exceptions, such as wilful misconduct or breach of trust. It is further possible that insurance be purchased to cover such liability of the D&Os, and also for the company’s potential liability towards the D&Os where an indemnity was given. D&Os and companies who are taking up this type of insurance should look carefully at the different offerings available from different insurers. Once they have selected the insurer, they should carefully scrutinise the exclusions and limitations that are contained in the relevant policies – for instance, any exclusions relating to environmental claims. They should also make sure that they fully understand the terms and conditions of the policy. Finally, they must ensure that, where any potential claim arises in relation to the policy, that full and prompt disclosure is made to the insurer in order to ensure that the claim is not vitiated.

Flockhart: It is important for D&Os to work out the potential risks and liabilities which they face in the jurisdictions in which their organisation is active. They should also ensure they know how they can be protected against these potential risks and liabilities. At the moment, many company boards don’t spend enough time getting to grips with the scope of cover which their D&O policy provides. Given the heightened level of risk which D&Os face in today’s climate, it is important that D&Os understand exactly how and when they will be protected from personal liability and where the potential gaps are so they can be mitigated to the extent possible. Protection may also come in the form of an indemnity from the company as well as a D&O insurance policy, but in either case it is important to know that there are limitations on the scope of protection which can be obtained. Once the scope of the risk is understood by D&Os, this will also give context to the pricing of a D&O policy.

Snow: Going forward, do you expect to see more companies implement risk management frameworks designed specifically to protect their D&Os against potential court battles, costly settlements and tougher penalties? What might such strategies entail?

Morrison: In 2011, Deloitte surveyed a number of large financial institutions and found that 86 percent had appointed a chief risk officer or the equivalent, up from 73 percent in 2008 and 65 percent in 2002. This trend has continued as corporations have focused on, and sought to improve where appropriate, enterprise risk management frameworks. While rules issued in February by the Federal Reserve Board require many institutions to put in place chief risk officers, many already do. Goldman Sachs Group Inc., for example, recently moved its chief risk officer onto its management committee.

Bark: We definitely expect companies to continue fostering their enterprise risk management and to have a strong focus on their D&Os’ individual protection. More and more, companies distinguish between the needs of their directors and their management. Being a non-executive director of a large corporation, for instance, entails liability, but it requires special attention to ensure there is adequate cover for these individuals in the case of several claims having already eroded the existing capacity. Companies must also take a closer look at how to protect their D&Os if their indemnification policy fails, such as using Side A policies that can attach in excess of a standard D&O program or ground up. Programs become more tailored and fine-tuned with an increase in liability.

Bouwman: This will become increasingly important. First, a proper risk assessment for the specific company and its directors should be made so that all material risks are identified. Once this has been done, D&Os must make sure that they fully understand the risks concerned, and where necessary the required steps must be taken to mitigate these risks as far as possible. This would include that proper processes be put into place and that the relevant persons receive the required training and guidance. In addition to this step, appropriate insurance for the company and the D&Os should be considered. Finally, proper procedures should be put into place for the eventuality where risks do materialise so that these can be managed proactively. The entire process should be repeated on an ongoing basis.

Flockhart: This is something which is increasingly common and financial institutions in particular seem to be taking steps to ascertain the risks and potential liabilities which their D&Os face as well as the steps which can be taken to mitigate them. This information is then being fed into internal policies and procedures, including risk management frameworks. Risks and potential liabilities faced by D&Os are, by their nature, specific to context and location, so risk management frameworks should always be tailored to the jurisdictions in which an organisation is active and the activities which the organisation carries out.

Dentice: Well-managed companies should always consider having a risk management framework in place. The nature of any such framework will depend on the circumstances of the company concerned, however the framework may involve education of D&Os in relation to regulatory requirements and legal risks, internal controls to ensure that decisions are only made after due consideration and in accordance with applicable laws, a compliance function to oversee the operation of such controls, and a legal function to provide legal assistance to D&Os when issues arise. Prevention is always better than cure – once a legal issue has arisen it may be very hard to resolve.


Jan Bouwman is a corporate lawyer based in Johannesburg. He advises multinational and local clients on a range of corporate and commercial agreements and transactions. His area of expertise includes mergers and acquisitions, structuring of transactions and joint ventures, stock exchanges, securities regulation, corporate finance and advising on issues of corporate governance. He typically advises clients in the mining, pharmaceutical and energy sectors.

Ffion Flockhart specialises in financial risks, including those involving directors’ and officers’ liability.  Praised in Legal 500 for her “high intellect, unflappable calm and formidable organisation”, Ms Flockhart has advised on some of the most high profile matters affecting the industry, including D&O and other claims arising out of the financial crisis which have affected high profile individuals and entities in the UK and beyond. 

Nathan Dentice is a partner of Reed Smith Richards Butler. His practice focuses on general commercial and regulatory litigation, with a particular emphasis on financial services issues and complex commercial disputes. He is often involved in bringing and defending civil and regulatory actions against D&Os of companies. In addition to acting for private parties, Mr Dentice currently advises a number of major regulators on their statutory and public law duties.

Dr Michael Feifel spent two and a half years with Marsh before joining Siemens in February 2014 as head of liability. He started his professional career as a marine expert at AAV GmbH, the in-house broker of Fraport AG. Dr Feifel is a trained German lawyer, a doctor of law and holds a Master’s degree in art history and an undergraduate degree in French law.

Peter B. Morrison is a litigation partner in the Los Angeles office of Skadden, Arps, Slate, Meagher & Flom LLP. He represents clients in both federal and state courts, with a particular emphasis on takeover and securities litigation. Mr Morrison advises corporations on matters involving both federal and state securities laws, duties of corporate directors, SEC and stock exchange inquiries and investigations, and contests for corporate control.

Dominik Bark is the Regional Head of Financial Lines for Europe, Middle East and Africa (EMEA) at Zurich Insurance Company. He oversees the company’s D&O, Professional Indemnity and Financial Institution portfolios for the EMEA Region. Mr Bark joined Zurich in 2011. He holds a Master’s degree in Business Administration specialising in Finance & Banking and an Entrepreneurship from the European Business School (EBS) in Oestrich-Winkel, Germany.

© Financier Worldwide



Carolyn Snow

Risk Management Society (RIMS)




Jan Bouwman

Fasken Martineau


Ffion Flockhart

Norton Rose Fulbright LLP


Nathan Dentice

Reed Smith Richards Butler


Michael Feifel

Siemens Financial Services GmbH


Peter B. Morrison

Skadden, Arps, Slate, Meagher & Flom LLP


Dominik Bark

Zurich Insurance Company

©2001-2019 Financier Worldwide Ltd. All rights reserved.