Tightening regulations, emerging technologies, increasing shareholder activism, intensifying class action litigation activity, escalating merger objections and IPO activity and the rise of regulator activism are among the many challenges facing corporate directors and officers. Executive liability is increasing yearly, particularly in areas such as employment and data protection.
Third party litigation funders are changing the global litigation map, with their influence pivotal in the development of collective actions against financial institutions and commercial entities and their directors and officers. Litigation funders are front and center in some of the largest multi-jurisdictional claims. Activity is expected to increase.
Managers face a growing threat from legal and regulatory liabilities which could result in costly investigations, criminal prosecutions or civil litigation, putting the company’s assets, and their own, at risk.
There is a growing trend towards seeking punitive and personal legal action against officers for failure to follow regulations and standards.
According to AGCS analysis, the number one cause of D&O claims by number and value is non-compliance with laws and regulations. Negligence; maladministration/lack of controls; breach of trust/fiduciary duty; and inadequate/inaccurate disclosure are the other top causes of D&O loss by number of claims received.
Claims severity is rising due to higher legal costs, increasing complexity, expanding regulatory investigations and cross-border actions.
Claims arise internally from trustees, subsidiaries, the company itself, and whistleblowers. Externally, creditors, shareholders, customers, suppliers, competitors, tax authorities, government regulators or even former employees bring the most claims.
There is a general trend for actions to be dismissed or resolved more slowly, meaning lengthier litigation, increased defense costs and higher settlement expectations among plaintiffs, particularly in the UK, Canada, Australia, France, Spain, Hong Kong and the US. According to AGCS, the average securities class action case in the US can take between three and six years to complete, while legal defense costs average around $10m, rising to $100m for the largest cases.
In the UK there are several key issues worrying executives beyond the potential implications of Brexit. These include the possibility that executives could face prosecution in future for offenses including fraud and money laundering carried out by staff. In Spain there is a trend towards increased liability for directors for non-criminal offenses, while France is ramping up its corporate governance regime, with new protections for whistleblowers. The focus on personal accountability is notable in Germany. The German market is typified by internal liability claims, where the company sues executives for wrongdoing or compliance failings. Around 80% of German D&O claims seen annually by AGCS are for such cases.
In the US, the number of securities class action filings is rising, potentially on course for its highest total for 12 years. In addition, at current pace, M&A-related filings in federal courts could double the annual numbers observed in the last four years. Meanwhile, the “Yates Memo” is a renewal of the government’s commitment to policing corporate wrongdoing and rewarding whistleblowers, a trend also taking root outside of the US. In Canada directors of private and public companies face exposure to claims for environmental clean-up costs. Increased oversight activity in Australia seems likely. In Hong Kong, authorities have commenced proceedings against companies for failing to disclose price sensitive information. In Singapore it is now a criminal offence for a director to make use of their position to gain an advantage for themselves. Regulatory scrutiny is also increasing across the United Arab Emirates, where a new law sets out the basis on which liability can be found against directors, while in South Africa, more frequent use of class actions may also expose directors to more claims.
A modest growth of securities-related litigation in Japan has been due to recent legislative changes making it much easier for investors to sue, especially regarding
misrepresentation. Many Asian countries could see larger D&O liabilities in future, owing to changing attitudes towards corporate governance and accountability, increased regulatory activity and a growing compensation culture. Jurisdictions like Hong Kong, Thailand and Singapore are becoming more litigious.
In Latin America, and Brazil in particular, D&O insurance take-up has increased, with recent high-profile corporate scandals related to corruption practices resulting from lengthy criminal investigations.
Executive liability exposures are becoming more complex and interconnected. Many large claims involve regulatory investigations and civil litigation in multiple jurisdictions. Emissions testing problems in the automotive industry are an example of a potentially systemic commercial D&O loss. Meanwhile, the Panama Papers leaks illustrate how a data breach can impact professional service providers and financial institutions, which could in turn spark multiple claims across several jurisdictions.
There is an enhanced focus on supply chain management. Emerging risks such as modern slavery, environmental pollution and climate change-related disclosures could result in reputational risk and shareholder activism, public outcry or governmental investigation. Activists are increasingly targeting companies and directors for not disclosing environmental data or risks to investors.
Data protection rules around the world are becoming increasingly tough as government agencies bolster cyber security. This significantly impacts businesses; penalties for non-compliance are increasingly severe.
A serious cyber incident can result in reputational and financial damage, as well as regulatory action. In more extreme cases a cyber security breach could cause a company’s share price to drop.
In future it may be possible to claim substantial damages from directors if there has been negligence in any failure to protect data or a lack of controls. There is currently uncertainty around the issue of directors’ cyber liabilities but it is likely that someone will make a successful argument that a director was negligent or had not paid sufficient attention to cyber security in future.
There are a wide range of scenarios in which a director could be considered negligent, such as a fund transfer fraud or where a vulnerable network is comprised, leading to significant business interruption, property damage or loss of intellectual property. Directors’ cyber exposures are likely to grow further with increasing reliance on technology. Technology, data and algorithms can become corrupted. For an analyst using predictive models to advise customers, this could open up liabilities.
Increased corporate governance means more D&O exposures. Insurance can cover claims resulting from managerial decisions that have adverse consequences. Policies cover the personal liability of company directors but can also reimburse the insured company’s costs. Common risk scenarios range from employment and HR issues, to misrepresentation, to failing to comply with laws. Coverage does not include fraudulent or criminal activity.
Limits of insurance coverage purchased can range from $1m for SME companies to $500m+ for global Fortune 100 giants.
In order to tackle the increase in management risk in future, executives need to develop a first-class risk management culture. Examples include instilling sophisticated cyber and IT risk management, keeping records of all information relevant to a managerial role and maintaining open communication with authorities, investors and employees.
Executives should ask tough questions about compliance related topics such as sanctions, embargoes, tax haven registrations, price-fixing and fraud and learn more about “classic” D&O exposures such as M&A, capital measures and IPOs. D&O coverage can be complex, so ensure key risks are covered. Conflicts of interest between the directors and the company must be avoided.
A company’s internal risk management and compliance structure should have all these points on the radar, and procedures in place that adequately address or prevent them. This is probably the only defense left for directors and officers if they face a problem in one of these areas.