Top 5 concerns for Directors and Officers
Just as Greek mythology’s Atlas carried the weight of the world on his shoulders, a shift in attitudes towards corporate responsibility means company Directors and Officers (D&Os) are beginning to bear the brunt of corporate liability. This move is having a noticeable impact on the industry, with an evolving insurance market for Directors’ and Officers’ liability insurance.
Whereas in the past, legislation has been geared towards the culpability of a company as an entity, this liability is now being pushed in the direction of the individuals at the helm. D&Os are now under intense scrutiny to comply with legislation and hold an unprecedented amount of personal liability for a company’s actions.
Technology is also part of the landscape. The Internet of Things (IoT) and increased compliance and data protection regulations are adding to D&Os’ workloads.
A recent article in the Insurance Post quoted a new survey by A&O and law firm Willis Towers Watson that highlighted the top five concerns for today’s Directors and Officers. These were…
Regulations and investigations
UK prosecutors and regulators issued almost £1bn in fines and penalties to companies throughout 2015. Legislation is constantly changing, and with personal liability on the up, it’s vital that D&Os keep up-to-date with regulations and take steps to protect themselves from the potential cost of investigations.
For example, 44% of respondents to the survey admitted they were unaware of the plan to extend the Senior Managers Regime to all financial intermediaries and asset managers. This replaces the existing Approved Persons Regime and updates the Presumption of Responsibility with the Duty of Responsibility, which rolls out more rigorous duty and responsibility controls to a wider network within a firm. It’s essential that D&Os keep up with the relevant regulations for their industry – failing to carry out due diligence could mean large financial penalties down the line.
Investigations can and do happen – they’re actually far more common than you might think. 27% of respondents admitted they, or a director at their company, had been investigated in the past, with the number rising to 39% for public companies.
In the same survey, 31% of companies admitted to having experienced a cybersecurity breach in the last 12 months, with 70% of public companies ranking cyber risk as one of their top five concerns.
Liability for cyber attacks is not considered to rest purely on the shoulders of the attackers. Companies are legally obliged to take reasonable measures to prevent an attack via a cyber security protocol. Failure to do so amounts to negligence.
The Internet of Things (IoT) complicates things further: who’s liable when a device connected to the internet is hacked or malfunctions? What are the business ramifications if there is a breach when a company uses the IoT in its production process? Insurance becomes essential in these situations to protect a company from financial loss, as well as, potentially, any resulting lawsuits.
Cyber attacks can have a devastating impact, both on your commercial viability and your wider business reputation. They can also lead to the next biggest worry for company directors… Data loss.
From buying behaviours to credit card details, companies are now collecting and retaining vast amounts of data about their customers. And with increased data comes the increased need for adequate protection and security. Without it, data could be lost, stolen or misused, leaving D&Os in hot water.
Employees are statistically one of the most common reasons for data loss. Whether they’re disgruntled and taking malicious action, or just careless and poorly trained, employees should be considered a prime security risk when it comes to data.
The EU’s General Data Protection Regulation, which comes into force in May 2018, shifts the accountability for data breaches from the impersonal face of a company onto an individual, i.e. the company director or senior officer. A specifically appointed employee, such as a data officer, would similarly shoulder a certain amount of personal liability should something go awry.
Criminal and regulatory penalties
Just as traditionally a captain would go down with a ship when it sank, Directors and Officers are being forced to take ‘a fall’ with the business. Shifts in attitudes and legislation mean that criminal action and regulatory penalties are being personally placed on D&Os. Ultimately this means that D&Os must make it their business to ensure compliance with the necessary legislation.
Although the Companies Act means it’s not possible to insure against a criminal fine or penalty, a comprehensive D&O policy can cover the defence costs where an investigation is instigated against a director. If the judgement is made against the director then they must pay these defence costs back and cover the fine themselves.
Some civil fines and penalties fall outside of this bracket: typically whether the fine is insured or not depends on the view of the court.
Directors can now be held personally responsible for various business offences in the UK such as fraud and bribery. Implemented in 2011, The Bribery Act places the focus on the role of individuals in the act of bribery, as well as loading the responsibility onto a commercial organisation for not implementing effective measures to prevent bribery in the first place. D&Os must ensure that the relevant infrastructure is in place to prevent this, as well as ensuring that they themselves comply with the legislation.
What are the challenges for insurers?
As awareness of this shift towards personal liability increases, the market for D&O insurance grows, becoming essential not just for senior staff at large multinationals, but also for management within SMEs.
Although this area of insurance could be considered opportunistic, it’s also reacting to valid concerns of today’s D&Os looking to protect themselves from a number of very real business risks.
The rapid development of technology, the fall-out from Brexit and the increasingly global focus of many businesses are just three of the major challenges underwriters will have to contend with over the coming years.
Stride has over 40 years’ experience of protecting Directors and Officers. We can help you to identify emerging risks and create tailored policies, meaning your clients are in safe hands.
D&O Development article from Insurance Post, October 2016