Risks facing directors & officers


Financier Worldwide Magazine

October 2019 Issue

In an increasingly complex and interconnected business environment, the risks and potential liabilities facing directors & officers (D&Os) have expanded simultaneously. Today, D&Os may be held to account for instances of corruption and fraud, as well as competition, antitrust, environmental, health and safety, tax and international sanctions matters. Escalating regulatory scrutiny is another risk that D&Os cannot afford to ignore. Even so, awareness of the extent of their personal liability is variable, leaving many D&Os staring down the barrel.

FW: Could you outline some of the key factors currently driving the personal risks facing D&Os? What types of risk are generally being seen on a day-to-day basis?

Bentz: The types of cases directors & officers (D&Os) face have changed. Until recently, most securities claims against D&Os involved allegations of accounting or financial misrepresentations. Now, we see a lot of event driven litigation. For example, in recent years, we have seen securities class actions filed against D&Os related to the #MeToo movement, the wildfires in California, data breaches, airline crashes, and so on. None of these claims involved allegations of accounting fraud. Instead, they allege that the D&Os were liable to shareholders because of negative events that impacted the company’s stock price. These event driven lawsuits are expensive to defend and hard to predict.

Hadwin: From a UK perspective, D&Os are subject to greater scrutiny – and potential liability – than ever. This is both in terms of the legal and regulatory obligations that they face and the expectations that shareholders and third parties have of them. A notable example of this is the Senior Managers Regime in financial services – directors are increasingly seen as the front line in managing risk and meeting legal and regulatory obligations on behalf of their companies. A further example is the emergence of cyber risk and the expectation that this risk will be understood and managed at the board level. The chief operating officer of the Financial Conduct Authority (FCA) commented that “we do not consider cyber risk to be a purely technical issue. As well as having the right technology to protect, detect, recover and respond, it is important to move people into the right mindset on security – right from the top, board members, and staff”. This is indicative of a broader shift towards risk management being something which has to be implemented at all levels of an organisation – and that starts with the board.

Hsiao: Corporations and their management teams find themselves under greater public scrutiny than ever. Often, this scrutiny is self-inflicted due to a failure to monitor the flow of information within and outside of the company. When a single leaked email or stray tweet can not only draw public ire but also plunge a company and its D&Os into litigation, it is all the more important to have controls in place that manage the internal and external dissemination of information, whether it is the tightening of data security, regulating which employees have access to sensitive non-public information or vetting every external statement with the same level of scrutiny afforded to an SEC filing. This is particularly true of companies that have recently gone public and need to rapidly adjust their cultures and processes to fit those of a public company. These growing pains are borne out in the data: the number of securities suits faced by companies within the first few years of an initial public offering (IPO) continues to rise.

Jenner: If an individual falls short of their obligations they can be held personally liable via civil, criminal or regulatory proceedings. With a greater culture of responsibility, failure brings a desire for accountability. And with the continued development of employment laws, data privacy and security there is rarely a day when a company is not in the news over such matters. ‘Event’ style litigation is also on the rise. Events may include regulatory or adverse legal developments, the #MeToo movement, cyber incidents, General Data Protection Regulation (GDPR) breaches, product defects and incidents such as dam bursts, aviation accidents or pharmaceutical drug failures. Industry experts are also predicting a new wave of litigation and regulation around environmental impact in the coming years.

Wright: D&Os can face myriad risks linked to the type of company board they serve on. Public companies, especially those whose shares are traded on the Nasdaq or the New York Stock Exchange, either directly or in the form of American depositary receipts, are generally considered to represent the highest litigation risk. Litigation against D&Os in the form of federal securities class action lawsuits has exponentially increased since 2016. Certain industries, such as pharmaceuticals and financial institutions, have been associated with historically higher levels of lawsuits against D&Os, as have territories such as Australia, the UK, Israel and the US. While the US’s legal system poses a unique risk factor, regulatory risk is becoming more significant across all jurisdictions. This exposes D&Os to the threat of either industry-wide investigations, or those which are company specific. Such investigations are time consuming for the D&Os and typically involve significant legal costs. Finally, company performance has been a driver in the personal risks D&Os face. Companies which have run into difficulties and become insolvent have seen claims against D&Os all over the world.

Suskin: In securities litigation, securities class actions against companies and D&Os continue to be filed at an elevated rate. A recent report by Cornerstone Research showed that federal class action securities fraud lawsuits were filed at near-record levels in the first half of 2019, 87 percent higher than the 1997-2018 semi-annual historical average. The complaints are both event driven – stock drop cases – as well as litigation following announcements of merger and acquisition activity. Among the key trends identified, filings against European issuers increased to their second-highest level. By industry, core filings in the communications sector increased by 73 percent, core filings in the industrial sector were the highest since 1999, and the consumer non-cyclical sector had the greatest number of filings overall. Additionally, derivative lawsuits continue to be filed against D&Os alleging breaches of fiduciary duty, particularly in Delaware. The alleged breaches can be based on any number of underlying factors, including alleged failures to implement or oversee internal controls, approvals of allegedly excessive compensation, and corporate waste.

The personal risks have always been there, but clearing one’s name or reputation or representing your interests, particularly where in conflict with the company, can prove timely and expensive.
— Adrian Jenner

FW: In your opinion, have there been any recent, high-profile D&O claims cases in which the outcome proved to be particularly significant? How might such cases impact on how D&Os view the risks they face?

Wright: From a UK perspective, the claim against the D&Os of Tesco for financial misrepresentation was significant because of the damages involved and the fact that it was one of the first successful class actions in the country. In July 2019, it was announced that several UK banks are being sued by investors over allegations they rigged the global foreign exchange market, in a test of US-style class actions in Britain. If such litigation becomes the norm in years to come, it could represent a dramatic shift in exposures for D&Os. Likewise, for US-listed entities, the Cyan ruling by the US Supreme Court in early 2018 was problematic as it was held that claims typically arising out of an IPO could now be brought to a state court. Previously, these claims had to be brought to federal courts, which generally benefited defendant D&Os who were dragged into this type of lawsuit.

Hadwin: Cyber risk is a key topic here. The D&O implications of large-scale, high-profile cyber attacks were brought into focus by a number of shareholder derivative suits in the US that were brought against directors in the aftermath of large data breaches, essentially alleging that directors had failed to manage and mitigate cyber risk adequately. While we have not yet seen this in the UK, claims of this kind are certainly growing in likelihood as more and more public companies are hit by damaging cyber attacks. The risk here is also exacerbated by the fact that the GDPR, in effect since May 2018, now imposes much more stringent burdens on companies that process European Economic Area (EEA) citizens’ data. The UK Information Commissioner’s Office’s (ICO’s) recent intentions to impose heavy turnover-based fines demonstrates how significant the penalties imposed under the GDPR can be. Shareholders, regulators and others may look to the board to ascertain what went wrong.

Hsiao: Prior to their IPOs, companies such as Blue Apron included forum selection clauses in their bylaws, requiring any claims by shareholders under the Securities Act of 1933 to be brought in federal court. Such clauses became more important after the US Supreme Court’s March 2018 decision in Cyan, which held that class actions under the 1933 Act may be brought in both state and federal courts and are not removable to federal court once filed in state court. By opening state court doors to 1933 Act lawsuits, Cyan threatens to expand the potential liability of, and litigation costs incurred by, issuers, D&Os and underwriters involved in securities offerings. However, if upheld, forum selection clauses that require shareholders to bring any 1933 Act suit in federal court would give companies a powerful tool to mitigate the effects of Cyan. In Sciabacucchi v. Salzberg, Vice Chancellor J. Travis Laster of the Delaware Court of Chancery struck down clauses enacted by Blue Apron, Roku and Stitch Fix, finding them invalid under Delaware law because they do not seek to regulate disputes related to the corporation’s internal affairs. Without such mechanisms, companies and D&Os are facing 1933 Act claims in state court at increasing rates: Cornerstone Research reports that from the second half of 2018 through the first half of 2019, roughly 40 1933 Act suits have been filed in state courts, nearly quadrupling the annual rate between 2011 and 2017.

Jenner: In October 2014, when Tesco announced it had overstated its profits, a securities class action lawsuit in the US soon followed. However, shareholders who had purchased shares on the London Stock Exchange were closed out. A group of institutional investors then joined a claim filed in London’s high court on 31 October 2016 seeking damages for the company’s alleged financial misrepresentation for over £100m in damages. This was led by Stewarts law firm and supported by an affiliate of an Australian group, IMF Bentham, a funding litigation firm. The claim asserts that the company violated the Financial Services & Markets Act. A further notable case saw HP sue Autonomy founder Mike Lynch, along with his former finance chief Sushovan Hussain, for more than $5bn after the $11bn 2011 sale of the British company to HP. Mr Lynch denies any wrongdoing and says HP’s mismanagement was responsible for the failure of the acquisition. Both directors are likely to have access to the former Autonomy D&O policy and the expected defence costs are likely to have reached over eight figures before the trial.

Suskin: There have been several significant cases of interest to D&Os. First, both the US Supreme Court, in Cyan, and the Delaware Chancery Court, in Blue Apron, have affirmed that cases brought under the Securities Act of 1933 alleging fraud in connection with IPOs may be brought in state court, even if a company tries to implement a charter provision requiring such lawsuits to be brought in federal court. D&Os should be mindful that there are particular risks attendant to defending securities cases in state court, including the relative lack of familiarity of state court judges with such claims. Second, in a recent Delaware Supreme Court ruling, Blue Bell Creameries USA, the court made clear that to satisfy their duty of loyalty, directors must make a good faith effort to put in place a reasonable system of monitoring and reporting about the corporation’s central compliance risks. Failure to do so may expose directors to liability.

Bentz: In 2018, the US Supreme Court ruled that state courts retain concurrent jurisdiction with federal courts for liability actions arising under the Securities Act of 1933. This decision prevents defendants from removing cases filed in state court to federal court. This means that defendants face the very real possibility of having to litigate in multiple jurisdictions at the same time, as there is currently no mechanism to consolidate cases pending in state and federal courts. So after Cyan, D&Os may be forced to fight a multi-front battle applying different laws, discovery requirements and verdicts for the same, alleged wrongful acts. This significantly increases the costs to defend. And since D&O policies are typically written so that defence costs decrease the limit of liability, there may be less limit available to settle or resolve claims.

Given the importance of data analytics in creating a sustainable competitive advantage, protecting a company’s IT integrity is arguably the newest risk faced by D&Os.
— Alan Wright

FW: In what ways have the personal risks faced by D&Os changed over the past few years? What major new risks have arisen?

Hsiao: The subject matter of putative securities class actions has changed in recent years. While securities suits still often follow a financial restatement or a poor quarterly earnings report, more shareholders are bringing suits following ‘bad news’ not directly tied to financial statements, such as bursting pipelines, charges of bribing foreign officials, cyber security breaches and sexual harassment scandals. Such event driven securities litigation expands potential D&O liability, as it seems that almost every Foreign Corrupt Practices Act (FCPA) claim or toxic tort suit is being repackaged into a securities action in which D&Os are potentially personally liable. The threat is particularly acute given that many of these suits are not based on a public statement specifically tethered to the particular event, but rather allege that a company’s general pronouncement that it believes it complies with the law or operates safely is rendered false if a bad event occurs.

Jenner: Following the GDPR fine for International Airlines Group, parent company of British Airways, the question being asked is who is responsible for the fine and penalty. Will shareholders look to hold D&Os accountable? What redress do they have? Perhaps companies and their boards are beginning to wake up to the culture of ‘where there is blame there is a claim’. With access to constant data points and requirements of public companies to share data and be transparent about risks and operational failures, lawyers and those affected by such matters are turning to regulators or the courts for possible redress. The personal risks have always been there, but clearing one’s name or reputation or representing your interests, particularly where in conflict with the company, can prove timely and expensive.

Wright: The emergence of data breaches at a number of high-profile companies is indicative of a new type of exposure that D&Os now have to contend with. As the global economy has become increasingly interconnected and e-commerce has become the norm, the potential for fraudulent activity has grown. However, D&Os’ awareness of how to identify these new exposures has not advanced as quickly. Expectations are that boards will be held accountable for such breaches and fines imposed against the liable company, as was the case with the £183m fine handed out to British Airways by the ICO. The challenge for D&Os is to ensure that the boards on which they serve are cognisant of the exposures they face around possible data breaches. Given the importance of data analytics in creating a sustainable competitive advantage, protecting a company’s IT integrity is arguably the newest risk faced by D&Os.

Bentz: One of the more significant changes in recent years is the increased risk to D&Os stemming from privacy and data breach-related claims. This has become a management or board-level issue as much as an IT issue. Unfortunately, companies have been slow to understand the risks, and many have not adequately insured against the risk to the company or its D&Os. In addition, new and ever-changing statutes such as the GDPR and the California Consumer Privacy Act (CCPA) have put a target on directors. It is now common, if not expected, for derivative suits, securities class actions, consumer class actions, regulatory investigations and congressional hearings to follow any high-profile data breach.

Suskin: It remains relatively rare for D&Os to be held personally responsible or liable to pay out of their own pockets. Most D&Os are indemnified by the corporation’s bylaws to the fullest extent of the law, and are covered as well by D&O insurance, which generally leaves them exposed to personal liability only in instances of proven intent to defraud. The one major risk for D&Os that seems to be taking increased attention is that of reputational risk – that is, if they have been accused of serious misconduct or dereliction of responsibility, or even of ‘guilt by association’, the reputational taint is not so easily erased going forward.

Hadwin: There are two main changes affecting D&Os’ personal risks. The first is increased regulatory scrutiny, which we have seen for a number of years now and which is not going to diminish. The second is a more activist approach by shareholders who are increasingly willing to put pressure on board members, including, in the most serious circumstances, by way of shareholder derivative lawsuits. Lawsuits of this type sometimes treat poor commercial performance as automatically equating to a breach of duty on the part of the director in and of itself. Legally, of course, this is not the case, but it demonstrates the aggressive approach that some shareholders are willing to take.

The D&O marketplace is highly competitive and continues to evolve as insurers seek to differentiate themselves by offering expanded coverage packages.
— Winston Hsiao

FW: In terms of D&O insurance, what steps should companies take to ensure they offer their D&Os an appropriate level of coverage?

Jenner: Clients should start with instructing brokers who have appropriate experience. They should also work with external law firms, where appropriate. However, it is always a good starting point for D&Os to understand the company’s articles and any mandatory indemnification agreements they may have the right or access too. Once established, the company and the board can decide, with appropriate input, what, who and how they want to protect the company and its D&Os. It is not just a question of the total limits of insurance, but how this will interact with the company, main board and executive teams, down to subsidiary and employee levels. It can be three to six years before any possible findings by regulators or formal legal cases are adjudicated on and directors may then be former directors. The company could find that they are answering questions as to why they are sharing the D&O policy and with whom. The D&O policy for a large corporate may involve multiple policies and insurers and can be a complex procurement.

Wright: Companies need to decide what their motivation is for purchasing D&O insurance. Is it to attract and retain top quality individuals for their board or do they view it as a procurement exercise? The latter approach being price conscious, treating D&O insurance as a commodity fails to appreciate the nuances of the product and that its raison d’être is providing ‘personal asset protection’ to D&Os when the company is unable to indemnify them from a lawsuit. Therefore, this insurance is intended to provide appropriate protection and reassurance that a D&O will never have to rely on his or her own assets to protect themselves from litigation. Consequently, companies should retain a specialist D&O broker who can advise them on the appropriate level of cover after a risk audit. Additionally, they should select insurers who have a proven long-term track record in the product and exemplary credit ratings. D&O claims can typically take years to be resolved, so it is important that the insurer selected is around to pay any claim in five to 10 years’ time. This is often overlooked at the time of purchase.

Suskin: Companies should take a holistic approach to ensuring that they offer their D&Os an appropriate level of coverage. This includes having the D&O insurance programme provide, in addition to Side-A only coverage, other coverage programmes for errors and omissions, property, products if relevant to the business in question, cyber and general liability. Consulting with outside insurance coverage counsel and insurance brokers is important to making an accurate determination whether insurance coverage is adequate. Too often we see gaps and limitations in coverage that fail to address ever-changing circumstances.

Hadwin: Companies and their D&Os should work together to scope the liability risks that D&Os face globally and should then cooperate to ensure that appropriate protections are in place to mitigate those risks. These protections will most likely take the form of a corporate indemnity and D&O insurance cover. This position, in terms of both the liability risks and the appropriate means of protection, should be kept under constant review, bearing in mind that the risk landscape is anything but static.

Bentz: Companies and insurance brokers have several methods to determine an appropriate level of D&O insurance coverage. However, this is fundamentally a question of risk tolerance, so there is no single ‘right answer’ as to how much coverage a company or its D&Os need. Claim studies can show how publically reported matters have been resolved and benchmarking studies can show what a company’s peer group has purchased, but neither of these methods are perfect. Often, finding the right limit is a mix of how much limit is necessary to attract qualified directors and how much the company can afford.

Hsiao: It is critical that companies have a comprehensive understanding of their risk profile to ensure that an appropriate level of coverage is in place for D&Os. A good first step would be to obtain robust benchmarking data to see what peer companies are doing with their D&O programmes, which should typically be available from most insurance brokers. Companies also need to consider ongoing and prospective exposures unique to the company. This often involves cross-functional input from a company’s risk management, legal and business departments, as well as the broker and outside counsel. The level of coverage procured is a business decision that must strike the proper balance between protecting D&Os, as well as the company’s balance sheet, and doing so at a price that makes sense in the particular circumstances.

Companies and their D&Os should work together to scope the liability risks that D&Os face globally and should then cooperate to ensure that appropriate protections are in place to mitigate those risks.
— Steven Hadwin

FW: How have D&O insurance policies evolved in recent years? Have there been any general changes in terms, exclusions, pricing and so on?

Hadwin: Until the recent hardening in the market, brokers and organisations that purchase D&O had been pushing for broader cover and higher limits than has previously been the case. Many insurers and brokers have been willing and able to work with insured organisations in designing and purchasing D&O products which meet the organisation’s – and their D&Os’ – unique liability risks. For example, we have seen the development of D&O programmes providing ring-fenced cover for senior executives or individuals who face particular types of exposure.

Hsiao: The D&O marketplace is highly competitive and continues to evolve as insurers seek to differentiate themselves by offering expanded coverage packages. For example, more insurers are enhancing or providing coverage of investigation costs incurred at the entity level; this is a significant change from standard D&O policies in the past that either did not cover investigation costs at all, or only covered such costs incurred by D&Os and not by the company. Other enhancements that are becoming more common include reinstating limits for unrelated claims and rebating a percentage of the paid deductible where the insured is able to achieve an early dismissal of a claim with prejudice. These features all would be welcome add-ons to any D&O programme. However, policy enhancements may be more difficult to achieve in today’s hardening marketplace.

Bentz: A number of factors have led to a hardening market for D&O insurance. So far in 2019, most brokers have reported that premiums have increased for all but their best risks. Underwriters point to increased IPO risks, increased securities filings, multi-front litigation, cyber risk, event driven litigation, and other factors to justify the increases. Consolidation has also played a role in the increases. Although capacity still remains, fewer underwriters want to write primary coverage for directors and officers. Fortunately, the tightening D&O market has not yet hit the terms and conditions being offered. That said, we have seen some underwriters moving away from certain categories of risk, leaving a void for some companies.

Wright: The last 10 years saw considerable expansion in the scope of coverage provided by D&O policies, especially in the London market, as insurers competed for business sometimes at the expense of underwriting discipline. However, the upshot was that D&O premiums, retentions and coverage were unsustainable once the losses inevitably materialised over the last 24 months. The experience of the London market is not unique and a ‘hardening’ or correction in the D&O marketplace is happening globally. The only difference is the speed of correction across the various markets.

Jenner: When previously negotiating D&O policies, companies would have had regular premium reductions and coverage enhancements. However, this changed in 2019. The UK D&O insurance market has been a competitive space for over 15 years, with regular new entrants from Lloyd’s syndicates, insurance companies and managing general agents. Additionally, many of the major brokers have created specific facilities and own-labelled policy wordings for their clients. However, with reductions of excess of an estimated 50 percent of rate over the last decade and an increased frequency in D&O-related defence costs and liability settlements, insurers have awoken to both the lack of reserves and inadequate pricing to meet the current and future claim demands facing today’s companies and their D&Os. It would appear that across the remainder of 2019, and certainly into 2020, the D&O space will be a very challenging place to be for insurers, clients and their advisers when procuring D&O policies.

D&Os should examine whether their regular outside counsel will be on the insurer’s approved list and, if they are not, negotiate their inclusion at the policy inception.
— Howard S. Suskin

FW: What advice would you give to both companies and D&Os when they are assessing the merits of a particular D&O policy? Which elements are of paramount importance?

Jenner: Companies and their D&Os must assess their own unique needs. In the large corporate space, there is unlikely to be a standard ‘off the shelf’ product suitable for the individual client’s needs. Working with their advisers, they will be able to differentiate and define their needs. In a more challenging insurance market, companies must start early and have a clear strategy about what is needed. Will you need to present your risks differently? Is involvement from members of the board, senior management, legal or others within the business needed, or is additional information required to submit with the renewal? What is the company’s risk appetite for self-insured retentions? Are indemnification agreements current and valid? Companies must understand what matters might need to be notified to the insurers and the expectation and interplay around the same. Often there is not even a loss at the time the policy is needed, but the company and its D&Os will need to interact with the insurers. While the needs of individuals might not align with those of the company, the interactions between all of the parties concerned may exist for three years plus. Companies must ensure that everyone in the organisation is aware of the situation and any other factors that they might need to consider. The company, board and senior management must be aware of the limits and any material changes to the D&O policy and a reminder must be issued to all concerned, ensuring they are aware of their obligations to report any matters to the company and insurers.

Hsiao: The primary focus when evaluating the merits of a D&O policy should remain on the basics. First, the importance of working with experienced and reputable insurers and brokers cannot be overstated. Second, policyholders, along with their team of brokers and outside counsel, should carefully scrutinise the key terms, conditions and exclusions of the policy to ensure that the policies will function as intended, if and when a claim comes through the door. These core provisions include coverage grants, the definitions of ‘insured’, ‘claim’, ‘wrongful act’ and ‘loss’, and the provisions on advancement and priority of payments.

Bentz: Most directors limit their inquiry about their D&O coverage to the policy limit and retention. Rarely do directors ask about key exclusions, what their personal, financial exposure may be, or even what protections they would want from the company. Instead, they rely on someone else to say that they have a ‘good’ policy and assume that is enough. Unfortunately, this often means that the directors and officers do not learn enough about their coverage until there is a claim – and then it is too late. Finding out that coverage was available if it had only been requested – often for no additional premium charge – is frustrating to say the least.

Suskin: It is important to pay close attention to key terms, exclusions and limitations of a policy. One aspect that is particularly important, and often overlooked, is with regard to insurer control over selection of counsel. D&Os normally prefer to be defended by counsel with whom they are familiar. But D&O policies often give the insurer significant influence or control over selection of counsel, frequently in connection with the insurer having negotiated significant rate discounts with select panel counsel. D&Os should examine whether their regular outside counsel will be on the insurer’s approved list and, if they are not, negotiate their inclusion at the policy inception. It is usually difficult to get counsel approved later, and approval may be tied to significant concessions on rate discounts that the counsel may be unable or unwilling to accept. It is also important to make sure that policies include coverage for investigations. Not all policies do, and some that do have limitations that unrealistically underestimate the costs of conducting such investigations. Additionally, many policies do not cover responding to government subpoenas, including as non-party witnesses, but such responses can entail exceptionally high costs, particularly where identification, recovery and production of electronically stored information is involved.

Wright: No two D&O policies are the same. Each insurer has their own policy wording which means that comparisons between the two are not always straightforward. Therefore, the assistance of a D&O specialist is paramount and although price is vital, it should not be the dominant factor in the purchasing decision. The cheapest option is not always the best option. The most important questions to address are: what triggers coverage under the policy? Are investigations by a regulator automatically covered even if there is no allegation of a wrongful act? Will this cover me for claims brought anywhere in the world? How do I notify a claim? Will my legal costs be met in a time-effective manner?

Hadwin: Companies should always analyse the scope of and limitations on D&O cover to ensure that it matches the risk profile faced by the D&Os. For example, is the limit of indemnity sufficient? Is the definition of ‘insured person’ broad enough to include all relevant individuals in the appropriate contexts, such as individuals with particular regulatory responsibilities? Companies should also make sure that triggers for cover are early enough. I say this because regulators have in recent years increasingly made enquiries of D&Os in particular circumstances, in a way which falls short of being a full-blown investigation. Ideally, D&O policies should cover any costs incurred in responding to those enquiries, notwithstanding that a formal ‘investigation’ – which was traditionally the trigger for investigation costs cover in many D&O policies – has not been commenced.

Finding out that coverage was available if it had only been requested – often for no additional premium charge – is frustrating to say the least.
— Thomas Bentz

FW: How might the personal risks facing D&Os evolve in the months and years to come? To what extent are they becoming more complex, international and unpredictable in scope?

Suskin: It does seem that the risks facing D&Os increasingly are becoming more complex, international and unpredictable in scope. Very few, if any, predicted a couple years ago the explosion in ‘MeToo’ investigations and claims, that are now being lodged with increased frequency against D&Os and their companies for having failed to prevent the alleged misconduct. Likewise, in the securities litigation arena, efforts at bringing class action litigation in foreign jurisdictions are getting more traction. Additionally, shareholder activist campaigns, including demands for books and records under Delaware’s General Corporation Law Section 220 and analogous statutes in other states, shareholder derivative demands and shareholder derivative lawsuits, continue to evolve as new controversies de jour unfold. The subject matters of the campaigns have been wide ranging, including issues concerning accounting internal controls, internal controls relating to cyber breaches, FCPA violations and allegedly excessive compensation of officers and directors. All of this has been exacerbated to some degree by the trend of having shareholder activism be supported by litigation funding firms. The consequence is that the opposition can afford to be more aggressive and has considerable added staying power to remain in the fight. All of which augers for the importance of having robust insurance coverage.

Hadwin: Heightened regulatory scrutiny and higher shareholder expectations are here to stay. The challenge for directors is understanding and dealing with emerging risks, which in many respects are complex and difficult to deal with. Cyber risk is probably the best example of this and, while cyber attacks against companies are the main headlines for now, we would not be surprised if in a little while we are also reading about claims against directors who did not do enough to protect their companies against the cyber threat.

Jenner: The GDPR has only been enforced for a short period and it is already creating headlines around the size of some of the fines and penalties, which may not be directly insurable against.

deferred prosecution agreements (DPAs) have also become more prevalent. DPAs have been an established practice in the US for years, however only a small number of cases have prevailed in the UK to date, the most recent and prominent case being Tesco. DPAs may be appealing to both companies and the Serious Fraud Office (SFO) as they may allow companies to escape criminal prosecution by paying a fine and improving compliance. There may be consequences for D&Os, however. Environmental risks are also a threat and will continue to rise on the agenda of risk for companies and their D&Os. Finally, the ongoing uncertainty around Brexit and what effect it may have on businesses, plus the currency fluctuations, potential for recession and possibility of ‘tariff wars’, is creating a number of obstacles for companies and their D&Os to navigate. The tone from the top and the management of these risks is increasingly important for shareholders, regulators and those affected by any breach or disruption.

Bentz: The personal risks to directors and officers continue to grow. There are no signs that securities litigation is going to slow down, or that event driven litigation is going away. We also see signs that cyber risks are up and that defence costs will continue to rise. That, coupled with increasingly active enforcement of laws, such as the GDPR and CPPA, suggest that the risk to directors and officers will increase in coming years. Clearly, underwriters are taking all of this into account as the market hardens and premiums are adjusted in order to cover the increased frequency and severity of D&O claims.

Hsiao: The trend of event driven securities litigation shows no signs of slowing down. Courts have not been afraid to dismiss many of these suits early in the proceedings, but a few recent decisions may encourage plaintiffs to continue on this path. The trend is also global in nature, as the rate of securities lawsuits brought against foreign issuers remains at all-time highs. Potential legislation also may pose heightened risks for D&Os. In May, the House Financial Services Committee passed the Insider Trading Prohibition Act, which aims to amend the Securities and Exchange Act of 1934 by inserting a new section defining the elements of criminal insider trading. The bill both clarifies and significantly expands what constitutes prohibited insider trading. A similar bill was proposed in 2015 but did not make it past the committee stage, so the progress of this current iteration is something to watch.

Wright: D&Os are accountable for anything they might say to investors, documents they publish or business decisions they make or fail to make. This imposes significant responsibility on them to make sure they do the right thing. However, the business environment in which they operate is challenging, and political risks such as the US-Sino trade wars and Brexit are increasing. Moreover, regulatory agencies are cooperating to a far greater degree, which generates the threat of multijurisdictional investigations against D&Os. Therefore, it is not stretching credibility that the risks faced by D&Os are far more challenging in 2019 than they were a decade ago, and that is before the picture is complicated by the plethora of cyber security threats which D&Os must consider.


Thomas H. Bentz Jr. is a partner at Holland & Knight LLP where he practices insurance law with a focus on directors & officers (D&Os), cyber and other management liability insurance policies. Mr Bentz is a co-chair of the firm’s insurance industry team and leads Holland & Knight’s D&O and management liability insurance team, which provides insight and guidance on ways to improve policy language and helps insureds maximise their possible insurance recovery. He can be contacted on +1 (202) 828 1879 or by email:

Howard S. Suskin is a litigator with substantial first-chair experience in civil and criminal securities matters. He is co-chair of the firm’s securities litigation and enforcement practice and the class action practice. Individuals and businesses seek his counsel in such matters as class actions alleging securities fraud and misrepresentation claims, derivative actions claiming breach of fiduciary duty, contests for corporate control, and shareholder demands for corporate books and records. He can be contacted on +1 (312) 923 2604 or by email:

Steven Hadwin is a dispute resolution lawyer based in London, advising on insurance matters. He has experience in dispute resolution, coverage advice, policy reviews and policy drafting. Mr Hadwin has experience in relation to a number of classes of insurance, including directors and officers’ liability insurance, crime insurance, professional indemnity insurance, warranty and indemnity insurance, cyber insurance, employment practices liability insurance and excess wordings. He can be contacted on +44 (0)20 7444 2290 or by email:

Winston Hsiao practices complex civil litigation in state and federal courts, representing clients in a wide range of suits, including securities and shareholder litigation, tax shelter and accounting malpractice, contract disputes and fraud claims. Mr Hsiao has also represented clients in private arbitrations, internal investigations, criminal matters and appeals. His clients include US and international companies in the financial services, tax consulting, pharmaceuticals, biotechnology, medical insurance, energy, education and food industries. He can be contacted on +1 (213) 687 5219 or by email:

Alan Wright is underwriting director for the London market with over 20 years of experience in the insurance industry. Prior to joining Tokio Marine HCC in 2009, he was a director at Aon Financial Service Group managing the team placing D&O for large corporate and financial institution clients. Mr Wright has a degree in Economics from Swansea University and an MBA from Heriot-Watt University. He can be contacted on +44 (0)207 648 1307 or by email:

Adrian Jenner has a wealth of experience in financial lines having been in the industry for over 30 years. He is a regular speaker and contributor to the ever developing world of directors and officers (D&Os) insurance and has the same energy and enthusiasm for the product and offering as when he first started out. He currently heads up Zurich’s London D&O team which he joined in 2018 from Beazley where he was predominantly underwriting US company D&O. Prior to this, Mr Jenner was on the client advisory and broking side for Marsh and formerly HSBC Insurance Brokers working with some of the world’s most prestigious clients. He can be contacted on +44 (0)20 7648 3816 or by email:

© Financier Worldwide



Thomas Bentz

Holland & Knight


Howard S. Suskin

Jenner & Block


Steven Hadwin

Norton Rose Fulbright LLP


Winston Hsiao

Skadden, Arps, Slate, Meagher & Flom LLP


Alan Wright

Tokio Marine HCC


Adrian Jenner


©2001-2019 Financier Worldwide Ltd. All rights reserved.