What is directors and officers liability insurance?

What is directors and officers liability insurance? | Insurance Business

What is directors and officers liability insurance?

Directors and officers (D&O) liability insurance protects corporate directors and officers in the event that they’re personally sued for actual or alleged wrongdoing when managing a company. The insurance helps cover defence costs and damages (awards and settlements) arising out of wrongful action allegations and lawsuits.

D&O insurance is the financial backing for a standard indemnification provision, also known as the hold harmless provision, which shifts potential costs from directors and officers for losses related to an action they took on behalf of the company.

The coverage reimburses the organisation when it indemnifies the individuals and also provides ‘entity coverage,’ which eliminates disputes of coverage allocation if both the directors and officers and the insured organisation are named in the same lawsuit.

What perils does a D&O policy cover?

Business leaders can be held responsible for a wide range of corporate issues. The Insurance Information Institute in America states: “Business leaders can be held responsible for a company’s failure to comply with regulations and to provide a safe and secure workplace. In addition, if a company is found liable for losses because of operational failures and mismanagement, directors and officers may be exposed to liability as well.”

Common claims brought against directors and officers include:

  • Lack of, or poor corporate governance
  • Company or stock underperformance 
  • Breach of fiduciary duty resulting in financial losses or bankruptcy
  • Failure to comply with laws and regulations
  • Making decisions without necessary authority
  • Employment practices and HR issues

The list goes on, and as new exposures like cyber liability continue to gain prevalence, the complexity of the risk landscape surrounding directors and officers is growing fast.  

What businesses need D&O insurance?

There has long been a misconception that D&O claims only really impact public companies. However, insurance giants around the world are trying to clear the haze around that. As Travelers puts it: “All organisations, whether public, private, or non-profit, and the people who lead them are vulnerable to a multitude of D&O exposures.”

The costs associated with lawsuits arising from D&O exposures are now so great that D&O insurance has become a necessity for many businesses. Organisations that do not purchase the coverage risk going bankrupt or sustaining losses from which they will struggle to recover properly.

US insurance firm The Hartford states: “Your company does not have to post revenues in the tens of millions of dollars for your directors and officers to be personally sued over their management of company affairs. In fact, smaller businesses with fewer assets may need the protection just as much as large, deep-pocketed corporations.”

What’s driving demand for D&O insurance?

Employees today are more aware of their rights than ever before, and they’re not afraid to exercise them even if that means pursuing a class action lawsuit. Likewise, active investors are also holding businesses accountable for their actions in order to improve practices and drive successful, profitable businesses.

International laws and regulations like the strict data protection laws slowly gaining prevalence around the world are also making it more important for businesses to purchase D&O insurance. As stated previously, management can be held responsible for a company’s failure to comply with laws and regulations.

What happens if a claim is made after a director ceases to hold office?

A director or officer may be held liable even after they cease to hold office. Therefore, it’s essential for companies to keep D&O insurance for former directors, according to the Australian Institute of Company Directors. The Institute explains: “If D&O cover is not maintained, a former director may be left without any recourse against a policy for claims arising after they cease to hold office. Ideally, the D&O insurance policy also includes ‘run-off cover’, being cover that applies after a director ceases to hold office. The duration of run-off cover should be at least seven years [in Australia].”

What is run-off cover and does the ideal duration differ between markets?

Run-off cover, also called a tail policy or closeout insurance, covers directors and officers after they cease to hold office. This might be because they’ve retired, sold their company, or even gone insolvent. In Australia, the standard duration of run-off coverage is seven years, whereas in the US, the standard length of a tail policy is six years. Like the US, the average duration for a run-off policy in the UK is six years.

D&O coverage for multinational firms

Approximately 20-years-ago, the concept of worldwide D&O liability insurance was introduced, giving multinational corporations another option beyond traditional global [non-admitted] programs. Many started using a Difference in Conditions (DIC) program approach, which enabled local operating entities to insure their own operations on an admitted basis in each country of operation. The local policies could be customised to local laws and regulations, while sitting under a worldwide policy (often written out of the US).

However, this approach can be challenging because of variations in international law and differences in rules and regulations around negotiating and binding insurance coverage etc.

Michael Rossi of The Insurance Law Group wrote a paper called ‘The key to developing a truly global D&O program’ in which he said: “The main reason why many D&O insurance programs are not truly global in nature is that D&O policy wording, wherever a program is purchased, is not viewed in a global context.

“If, for example, a global D&O insurance program is placed in the UK, it typically is

not reviewed against standard D&O insurance wording for global programs purchased in the US. Likewise, a global D&O insurance program placed in the US typically is not reviewed against standard D&O insurance wording in programs available in the UK. This is just an example, and any number of jurisdictions could be cited.

“The result of the failure to review D&O policy wording in a global context typically is that any program purchased in a particular jurisdiction in the world (e.g., UK) will have deficiencies in it vis-à-vis a program that could have been purchased in a different jurisdiction (e.g., US).”

Emerging risks impacting D&O liability

The global law firm Clyde and Co cites cyber risk as one of the top emerging risks faced by directors and officers in companies around the world today. Those in top managerial positions can be held liable if a company’s confidential information is disclosed during unauthorised access by an outside third party. There are strict data breach and privacy laws in place to protect consumers from such incidents.  For example, in February 2018, Australia enforced a new mandatory data breach notification regime which requires companies holding personal information to report data breaches to the Federal Privacy Commissioner.

“Prior to the introduction of the new regime, it would be prudent for directors and officers to review their company's procedures in relation to privacy compliance, the risks associated with cyber security and the need for the company to purchase cyber risk insurance,” a Clyde and Co report stated. “After the introduction of the regime, there will be a real risk to companies, directors and officers of class actions and collective complaints arising from a data breach reported in compliance with the mandatory data breach notification obligations.”

The same can be said for Canada’s Digital Privacy Act, which was enforced on November 01, 2018, and the European General Data Protection Regulation (GDPR), which was enforced on May 25, 2018. The GDPR protects the privacy and data of all individuals within the EU and has extra-territorial reach, addressing the export of personal data outside the EU. Directors and officers who fail to make their companies GDPR compliant could face D&O liability claims in the event of a data breach.