Your appointment to a board of directors can create a lot of opportunity but, even as a non-executive director, you can be exposed personally for the actions or omissions made in the performance of your duties which in turn could lead to the payment of fines, compensation or even imprisonment.
When joining the board of a company, as part of your due diligence, it is always wise to review the extent of cover that is in place under the company’s directors & officers liability insurance policy (D&O). D&O offers personal protection against claims relating to your decisions and actions within the scope of your role.
However, not all arrangements are the same and the underlying D&O wordings can sometimes be hard to navigate. Liam Fitzpatrick of Marsh sets out 10 points that new board members need to look out for.
1. Is the level of cover appropriate?
There is no formula to determine the perfect amount of D&O insurance, but does the amount of cover in place look reasonable for the industry in which the company operates? When was the last time that the company asked its insurance broker to benchmark the level of cover against its peers?
2. Is the policy limit in the ‘aggregate’ or ‘any single claim’?
The policy should ideally be on an Any One Claim basis - however, this is not usually available for financial institutions. An Any One Claim limit means that there is one limit available for all matters that arise from a related claim. To the extent that subsequent matters arise from unrelated claims, a “fresh” limit will apply.
Where cover applies on an Aggregate Claim basis, this means that once a claim or series of claims has reached a sum that has been pre-agreed with the insurer or insurers - for example, £10m - cover will cease to be in place for the remainder of the policy period. It is important to get the aggregation language in the policy correct and to apply the broadest possible language. We recommend you ask your insurance brokers to advise on appropriate language.
3. Are there additional limits in place for the non-executives?
A robust insurance programme will include an additional limit for non-executive directors (and sometimes executive directors) that provides extra cover where the limits have been exhausted and no other indemnification is available. Typically, additional limits are up to £1m per director for any single claim. Where a number of directors are taking advantage of the additional limit on the same claim, restrictions to an aggregate figure may be applied.
4. Insured persons
New board members should check the definition of Insured Persons to ensure that it is wide enough to cover the role that they are taking on at the company, including any committees they may be involved with. Where the company is a financial institution, you also want to make sure that appointments within the Senior Managers Regime are captured.
5. Check insolvency protection
For most company directors, the most significant litigation scenario that they can conceptualise is insolvency. When in insolvency, a company may not be able to indemnify its directors, so it is critical to ensure that:
a. The policy does not terminate on insolvency of the company.
b. The policy covers the costs of investigations, including dawn raids and information requests.
c. The policy covers the costs of defending disqualification proceedings.
d. Advance defence costs are covered by the policy until there is a final, non-appealable adjudication of fraud or criminal conduct.
e. The policy covers the personal liability of directors for non-payment of corporate taxes.
f. The D&O insurance policy does not require directors to pay a retention before coverage applies when no indemnification is available.
g. Claims brought by an insolvency administrator or creditors committee are not barred under “insured vs. insured” exclusions.
h. The policy includes a priority of payments provision that expressly provides that insured individuals seeking payment of loss have priority of claims for coverage over payment to the entity.
i. The policy provides some public relations expenses cover to assist with the reputational fallout.
6. Investigation coverage
The policy should allow for the recovery of expenses relating to formal interviews or document production costs, where a director or senior manager has been brought into an official investigation in their personal capacity.
Some policies will only include cover for internal investigations that are carried out in response to a request from an official body, but policies that are more in line with current practice should include costs incurred at the pre-investigation stage, costs associated with dawn-raids and the costs involved with self-reporting to official bodies.
7. Side A DIC coverage
For companies listed on a regulated exchange, you may want to ensure that ‘Side A DIC’ insurance is in place. This insurance effectively sits on top of a traditional D&O insurance programme and can drop down to provide coverage if:
a. The company refuses to indemnify the director(s) for whatever reason or is unable to do so.
b. The underlying D&O programme has been exhausted.
c. There are gaps in the underlying insurance programme, eg the underlying insurer fails or refuses to pay, attempts to rescind coverage, or becomes insolvent.
The rise in usage of Side A DIC policies has come at a time when law makers, regulators, and prosecutors are seeking to hold more individuals in senior management personally accountable, while companies are being incentivised and are functionally required to investigate conduct within their organisations and report their findings to authorities.
8. Lifetime run-off
Through the life of a company, the make-up of the board will change even outside of M&A transactions. New board members therefore want to ensure that lifetime run-off cover is in place for directors that resign for reasons other than a transaction; this means they will then continue to have cover in place for any claims relating to their directorship that are brought long after their resignation from the board.
9. Review cyber insurance coverage
When a cyber security breach does take place, the actions of the board and senior management may be under scrutiny. Board members may breach their fiduciary duties to the company and its shareholders if they fail to implement appropriate reporting, system or cybersecurity and data protection controls; or having implemented such systems and controls, if they fail to monitor or oversee these. The actions of the board of directors and C-suite management may also come under scrutiny for their actions during and immediately after a cyberattack or data breach with regard to how they handle notifying the relevant authorities, the financial markets and persons whose data may be affected.
Therefore, it is important that the D&O coverage is wide enough to respond in the event of any litigation that alleges a breach of fiduciary duties related to cyber and, to the extent insurable, GDPR issues.
10. Are the exclusions relevant?
Fraud is a standard exclusion, but new board members should ensure that any fraud exclusion only applies in the event of a final, non-appealable adjudication. The other exclusion you would expect to see in a typical D&O policy is a retroactive exclusion which excludes cover for acts that are committed (or alleged to have been committed) prior to a particular date: normally from the point that the D&O cover was first taken out or from a transaction date.
Any other exclusion should be relevant to the business and its operations.
Sticking with these 10 points will certainly assist you in analysing whether the existing insurance is fit for purpose. If it isn’t, you should insist on the insurance being improved prior to joining the board or seek assurances that the cover will be reviewed at its next renewal.
Note: GDPR refers to the European General Data Protection Regulations.