Public companies operate in a complex, constantly shifting risk environment. Emerging compliance requirements, regulatory enforcement trends, precedent setting court rulings, and trending follow-on claims are just a few examples of shifts in the GRC landscape that can significantly alter the risks public company directors and officers must navigate. Below we summarize the current risk environment while addressing public company D&O insurance and its role in protecting both the corporate entity and its executives. Those interested in skipping directly to the D&O insurance guide can locate that just below risk assessment (half way down). To schedule a policy assessment or obtain a quote, please contact us or click here.
Securities Claims: Securities class action filings are at record high for 2017 & 2018. According to Cornerstone’s 2018 Mid Year Securities Class Action Assessment, this is due in large part to the large number of merger objection claims, which account for roughly half of all claims brought against public companies. The sectors most affected by class action filings include: 1) consumer cyclicals, 2) communications & tech, 3) financial & real estate, and 4) healthcare & bio-pharma. Despite these record high filings however, there may be some good news – according to LexMachina’s Securities Litigation Report, damages & settlements are down significantly, and it appears defendant wins and dismissal rates are up. While this may be comforting to the c-suite, when discussing public D&O insurance it’s important to remember that despite the increase in defendant wins, significant costs can still be incurred while defending against such claims. In fact, some experts are citing increasing defense costs despite the high dismissal rates.
Investigations & Enforcement Actions: Public company boards regularly cite regulatory/administrative investigations and proceedings as a primary concern. The Yates Memo however has heightened that concern by emphasizing personal accountability and the aggressive pursuit of individual wrongdoers. While SEC enforcement initially appeared to be significantly down for the first half of 2018, the SEC's recent enforcement report indicates a sharp increase in the second half. In summarizing the current regulatory environment, we refer to Cornerstone’s 2018 SEC Enforcement Report:
In order to assist the c-suite and their counsel with assessing their D&O policy's regulatory coverage, we recently published an informative whitepaper and checklist available (here).
FCPA Enforcement: When discussing FCPA enforcement trends, the risks to individual directors and officers is greater than ever. The number of enforcement actions are already up as of Q3 2018 (compared to 2017) and the DOJ is continuing their aggressive pursuit of individual wrongdoers, often with criminal charges. On a more positive note for public company entities however, the Benczkowski Memorandum signals a significant shift in enforcement tactics, as the DOJ appears to be scaling back its usage of corporate monitors - a costly, time consuming, and resource-draining endeavor for organizations. This is also evidenced by the fact that there was only a single action as of Q3 2018 that resulted in the implementation of a corporate monitor. In addressing M&A due diligence within the context of FCPA enforcement, companies engaged in mergers and acquisitions will now need to approach their transactions with a stronger focus on compliance, as the DOJ has recently extended FCPA enforcement to successors in M&A transactions. For those interested in a more in-depth assessment of FCPA enforcement trends, Arent Fox has a well-researched report (here).
Cyber & Privacy Risk: Cyber-security failures and privacy failures pose significant risks to public companies and their boards. While cyber-security failures are generally well understood, privacy failures are a bit less understood, yet quickly becoming an emerging risk. These failures generally revolved around unauthorized collection of, sharing of, or access to, data – in violation of any privacy or opt-in agreements. The FTC action and subsequent class action against Vizio for its unauthorized collection of users’ private viewing data is a strong example of such failures. The financial and reputational damage inflicted by data breaches and privacy events however, are often just the tip of the iceberg. These failures can quickly trigger shareholder litigation in the form of class action lawsuits or derivative actions - a trend that is expected to grow. They have also attracted the attention of regulators who have responded with increased compliance & disclosure requirements, investigations and hefty fines. As we outline below, cyber/privacy risks to public companies are multi-faceted.
Sexual Misconduct Claims: In addition to shareholder claims following cyber/privacy incidents, event driven securities claims are also being fueled by shareholder suits and derivative claims following allegations of sexual misconduct. CBS, Guess, Wynn Resorts, National Beverage and Signet Jewelers are just a few companies that have encountered such litigation, and the list is growing. In response to these emerging claims, public company boards’ should carefully review the terms and conditions of their D&O policies, while negotiating any problematic exclusions and necessary carve-backs, as discussed in our recent post.
Emerging Industries: Companies engaged with cannabis, crypto-currencies, or ICO’s (initial coin offerings) face considerable challenges. Operating in an unpredictable and turbulent regulatory environment, companies in this sector are encountering aggressive regulatory scrutiny while becoming an emerging source of class action claims. While D&O insurance is available for both cannabis companies and those engaged with ICO’s, companies engaged in this space will encounter some significant challenges. In addition to high premiums and a small pool of insurers, coverage for regulatory actions/investigations and securities claims against the entity (Side-C Coverage) may be entirely unavailable. For those operating in this space, we have previously published some guidance on D&O placement (here) and (here).
New IPO’s and Secondary Offerings: The Cyan ruling, means that plaintiffs can now pursue SEC ’33 act claims in state courts which historically have been viewed as more plaintiff friendly. According to Cornerstone’s securities report which we linked above, there has been no noticeable pattern in plaintiffs’ forum selection just yet, but it’s likely still too early to tell. Companies and their directors should however be aware that this ruling can result in increased defense costs, particularly when securities claims are brought concurrently in multiple courts. For this reason, companies undertaking an IPO or secondary offering should carefully assess the limit adequacy of their D&O programs and consider purchasing higher limits when able.
Side A (Director Liability): Provides direct, first dollar coverage (in the form of defense costs and damages/settlements) for claims asserted against the company’s directors and officers when the company is unable to indemnify them. Most commonly, this is either due to financial insolvency, or being legally prohibited due to laws or statutes, such as during a derivative claim (alleging breach of fiduciary duty), or a claim which asserts allegations against a director that are deemed to have been committed in “bad faith”. For those interested, Chubb has a nice brochure with numerous Side A claim examples (here).
Side B (Corporate Reimbursement): The Side B insuring agreement provides protection for the corporate balance sheet by reimbursing or advancing the costs associated with indemnifiable claims against its directors and officers. Examples may include: civil proceedings (such as merger objection claims against the board), regulatory investigations & proceedings, and potentially criminal proceedings.
Side C (Entity Coverage): Coverage for defense costs and damages/settlements for claims asserted against the entity. In contrast to the broad entity coverage provided to private companies, public company D&O Side-C coverage is limited solely to securities claims. That would of course, include securities class actions following; enforcement actions, cyber-security failures and allegations of sexual misconduct as discussed above.
Side D (Derivative Investigation Coverage): Provides coverage for investigative costs and costs associated with books and records requests, following shareholder derivative investigations.
Traditional D&O Endorsements:
Side A DIC: Side A DIC (difference in conditions) is a unique product that provides; 1) excess side-A coverage, effectively increasing the overall limit available for non-indemnifiable claims against directors and officers, and 2) broader primary side-A coverage which “drops down” to fill any gaps in the underlying carriers form. Side-A DIC policies are also able to bypass standard “presumptive indemnification” clauses, granting executives direct coverage if the corporate entity refuses to indemnify them. Combined with its broader coverage terms, this makes Side A DIC a valuable tool during investigations and enforcement actions against named individuals who would otherwise be forced to meet a high retention before accessing coverage under the underlying D&O policy. As a true risk multi-tool for the c-suite, incorporating a Side-A DIC policy provides a number of additional benefits as well, which we summarize in our recent article here.
IDL/ODL: With numerous directors and officers sharing one policy limit, even a single claim can quickly exhaust coverage. This is particularly true when individual insureds hire their own counsel resulting in inflated defense costs. Independent and outside directors may have concerns that they may be the last in line to receive coverage. As its name would suggest, independent director / outside director liability policies are Side-A only policies entirely reserved for claims made against independent and outside directors.
Cyber Insurance: As evidenced by multiple surveys, Cyber-security and privacy failures have become a leading risk concern among the boardroom – in some surveys, surpassing concerns of regulatory actions and investigations. Cyber insurance provides coverage for costs arising from cyber-security failures, such as lost income, forensic costs, network restoration costs, ransom demands, regulatory costs, and more. With both cyber-related shareholder litigation and cyber enforcement on the rise (and expected to increase), it’s becoming increasingly important to assess the scope of the organization’s cyber insurance policy along with any cyber exclusions embedded within the company’s D&O policy in order to ensure coverage is in-tact.
M&A Insurance (Reps and Warranties): Reps and warranties insurance provides both buyers and sellers, protection against claims resulting from unintentional breaches made in the representations and warranties, during a transaction.
Specialized Investigation Policies: With regulators aggressively pursuing individual wrongdoers, and increasing concerns over potential FCPA actions and costly SEC investigations, it’s no wonder public companies often inquire about the ability of their D&O policies to respond accordingly. Coordinating a D&O policy to effectively respond to regulatory actions and investigations, while possible (to a certain extent), can be difficult. This is particularly true for informal investigations and those brought solely against the entity itself, as opposed to investigations brought solely against individual directors or officers. Even when coverage appears in-tact, damages such as “costs to produce documents” may be excluded or other requirements may need to be met in order to trigger coverage. Some insurance companies have identified the demand for thorough coverage, and responded by introducing specific endorsements and/or specialized policies particularly for investigations
Premiums: Premiums for public company D&O generally begin at an annual premium of 20k for a 1 Mill limit. It’s important to note that this is a minimum premium and applies to all companies regardless of size (whether a nano-cap OTC filer or mid-sized company). Premiums will increase from there, sometimes significantly. While the premium will greatly depend on the financial strength of the company, there are a number of underwriting criteria factored when determining pricing and acceptability, including: limits being purchased, prior claims, industry risk, ownership structure, and high risk events such as financial restatements.
Application process: Due to public filings, much of the information required to underwrite a public company is already publicly available which eases the process to a certain degree. Companies should however be ready to provide the following:
Time Frame: Whether you’re in the market for a first time D&O placement or approaching a renewal, it’s important to start the process early. While quotes can be obtained in some cases as soon as 2 weeks, its generally best to allow for 1-2 months in order to allow enough time to receive proposals from all of the carriers and allow sufficient time for coverage/term negotiations. Companies contemplating a future public offering are also best advised to purchase a private D&O policy well in advance of any potential offering or roadshow.