New Liabilities Created By Sarbanes-Oxley; Are Your Directors, Officers Covered?

Having finished reading the lawsuit, the phone ringsits your outside law firm informing you that the company, CEO, CFO and your accounting firm have been sued in a class action brought by public shareholders.

Your general counsel walks in, announcing that the accounting firm is filing a cross-claim against the CEO and CFO for hiding this little procedural hole.

You decide you need a second cup of coffee.

Back in your office, the phone rings again. Hand trembling, you pick it up. The Securities and Exchange Commission is launching a civil and criminal proceeding against your company, your CEO and your CFO.

Is any of this covered under your directors & officers liability insurance?

Maybe. Maybe not. It depends on how last years renewal went.

S-OX, also known as the Public Company Accounting Reform and Investor Protection Act, creates new corporate governance standards and reporting rules. The Act was passed as a response to the avalanche of scandals over the past few years among several high-profile companies and is extraordinarily broad with 11 titles and 66 sections. (See www.sarbanes-oxley.com.)

S-OX introduces powerful safeguards to ensure corporate honesty; however, it also presents challenges to maintaining broad and affordable D&O coverage for the vast majority of law-abiding corporate policyholders.

Although the full scope of potential liabilities created by S-OX is not yet clear, what is clear is that the new certification obligations of CEOs and CFOs and other enhanced corporate governance provisions of S-OX will be cited by injured parties seeking redress for losses caused by corporate misfeasance. As a result, the price, availability and coverage of D&O coverage is inextricably linked with the Acts provisions.

Insurers recognize that S-OX has increased D&O liability risks. This fact, combined with the hardening of the D&O market in recent years due to poor loss ratios, has made it difficult for corporations to secure adequate D&O coverage. Risk Managers, particularly those at large corporations with multiple subsidiaries and operations, should take a proactive role in designing D&O insurance coverage to assure sufficient protection.

There are two key areas on which Risk Managers should focus: (1) obtaining broad policy language and (2) making full disclosure on the D&O application.

(1) Obtaining broad policy language

D&O insurance has never had a standard form policy. Insurers commonly use two insuring agreements: Coverage A–coverage for the individual officers and directors; and Coverage B–coverage for the corporation for those amounts it could be legally permitted or required to pay to reimburse individual directors or officers. However, there are many provisions, conditions and exclusions which can and do vary among underwriters. Some D&O policies even provide coverage for the corporations own direct liability (as contrasted with its liability to reimburse directors and officers for their direct liability).

Even when risk managers and insurance producers work with underwriters to clarify policy provisions, the interpretation of such provisions by a claims handler may differ markedly. For example, a "loss" may exclude certain types of damages such as taxes, criminal or civil fines, and punitive or exemplary damages or multiplied damages. The CEO and CFO in the hypothetical example above may or may not have defense coverage for a criminal SEC investigation. They may or may not have coverage for "equitable relief" that can be awarded under S-OXs civil liability provisions.

The term "wrongful act" is typically defined broadly; however, it may be restricted by a fraud or dishonest act exclusion. That exclusion may or may not extend to an allegation that the CEO and CFO were reckless in not discovering that the newly hired financial expert was a pathological thief with a criminal record.

Also, insurers may revise their D&O policy forms to tighten provisions and reduce the scope of coverage to exclude potentially large liabilities created by S-OX. This may include specifically excluding liabilities based in any way on violations of S-OX.

What can a Risk Manager do?

This may be a good time to shop your D&O coverage around to seek the broadest coverage available. Despite the hard market, insurers are still selling D&O insurance and need to compete for that business. The more risk managers shop, the more insurers will have to compete on the basis of price and coverage.

There is a great deal of uncertainty as to whether S-OX will actually increase D&O risks long term. While claims may increase until corporations develop best practices for complying with S-OX, in the long term, higher standards of corporate conduct may reduce D&O claims. Insurers who attract market share by providing adequately broad coverage now may well benefit by obtaining a large profitable book of business.

In seeking broader coverage, risk managers should specifically consider requesting some of the following:

Broad definition of "claim" that includes investigative proceedings.

Entity coverage.

This coverage became available and popular after extensive litigation between policyholders and insureds over allocation of settlements between covered D&Os and uncovered companies (the entities) in the 1990s. Having coverage for both eliminated the need to allocate. Although there are allocation provisions now where there is no entity coverage, those provisions are vague and do not solve the problem. Currently, this coverage is difficult to obtain because insurers had bad experience (loss ratios) once they started providing the coverage. The current hard market is likely only temporary and risk managers should continue to seek this coverage.

Coverage for punitive or exemplary damages as well as multiple compensatory damage when allowed by law.

Some statutes allow double or treble damages. There is dispute in the courts over whether or not such damages constitute punitive damages. In fact, sometimes they do, but sometimes they are meant to be a proxy for actual damages where hard-to-prove soft damages should be recoverable. A specific provision dealing with how multiple damages will be treated under the policy benefits policyholders and insurers alike by removing a potential area of dispute.

Defense coverage outside of policy indemnity limits.

Guarantee of prompt action by the D&O carrier.

This provision is not an absolute, as the undefined term "prompt" is subject to interpretation; however, it imposes a sense of urgency and a basis for legal action.

Claims-made form without a retroactive date.

It is difficult to obtain D&O coverage on an occurrence form. Hence, having a long (or no) retroactive date protects the insured against claims that have been dormant and have, during the current policy period, just been asserted by the plaintiff. For example, suppose an officer negligently failed to discover that one of his subordinates cheated a client on a written contract over a several year period. The customer could sue many years after the initial bad conduct and even several years after discovery of the loss. If the retroactive date does not go back far enough, the policy will not cover the loss.

In addition, exclusions that risk managers should to try to avoid (or limit) by negotiation include the following:

Loss resulting from violation of S-OX provisions.

Claim brought about by or contributed to by any dishonest or fraudulent act, or any willful violation of any statute, rule or law by any "insured;" or by any "insured" gaining any profit or advantage to which such "insured" was not legally entitled.

Loss due to violation of securities laws.

Claims by, or at the behest of, the "insured entity."

Claims based on, or arising out of, any prior or pending litigation as of inception date.

(2) Making full Disclosure on the D&O application

Insurers also can be expected to require more information from a firm requesting D&O coverage, such as extensive information about corporate compliance with S-OX. Any material misrepresentation found on the application could result in the policy being rescinded and coverage lost.

Careful attention to detail when completing the application is important and may require legal assistance.

Of particular importance will be a careful review of a proposed officers or directors background. Even slight improprieties and perceived conflicts of interest should be examined. (No one wants to discover that they have hired or appointed a pathological thief like the hypothetical financial expert described above.)

The standard question, "Does any insured have any information on a situation that may cause a loss under this policy?" is a difficult question to answer accurately when the "insured," by definition, includes 80,000 employees. In investigating a subsequent loss, this question gives the insurer a wide field for investigation to find someone in the company who had enough knowledge to predict the loss (regardless of whether that person did so). An appropriately limiting answer, or including a provision that one insureds knowledge cannot be attributed to another insured, may help.

Corporate policyholders also will be asked to certify that they will comply with all S-OX provisions. While a prerequisite for obtaining coverage, such certification contains a major drawback in as much as Congress, the Securities and Exchange Commission or the Audit Commission can enhance requirements during the policy period. Hence, the answer to this question may require updating during mid-policy period if the answer is not appropriately qualified.

The hard work corporations are doing to comply with S-OX should be communicated to prospective D&O insurers. The application process can, in that light, provide a second review of the internal controls and procedures being implemented to comply with S-OX.

The Sarbanes-Oxley Act has created new challenges in obtaining adequately broad D&O insurance, but it has also created new opportunities.

John S. Vishneski III is a partner for the firm Mayer, Brown, Rowe & Maw LLP in Chicago, Ill. Mr. Vishneski focuses his practice on representing policyholders in complex insurance coverage litigation. He can be reached at jvishneski@mayerbrownrowe.com

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, November 26, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.