WTW’s Financial, Executive & Professional Risks (FINEX) Practice collaborates with professionals throughout the directors’ and officers’ (D&O) liability insurance industry to gain perspective into the many facets of our business. In our “D&O Professionals Series,” we feature professionals from various corners of the industry, from executive D&O underwriters to securities litigators to coverage counsel and others. Our objective is to discuss how ever-changing conditions in the broader economy and in business have impacted D&O risk, securities litigation and our industry more broadly.
With a focus on the UK's mandatory climate-related risk reporting and the rise of activist claimants, we'll uncover the critical issues shaping the responsibilities and risks faced by directors and officers today. Join us as we dissect these pivotal developments with the expertise of Mark Pring and Catherine Lewis of Reed Smith LLP.
WTW: What developments have you seen in D&O risk for global financial institutions over the past few years? How does the position differ for commercial organisations?
RS: There has certainly been increased regulatory oversight over the past two decades – following government bailouts after the collapse of Lehman Brothers and the global financial crisis.
In the UK, there are new reporting obligations on climate-related risks. The UK became the first G20 country to put into practice the goals of the Task Force on Climate-Related Financial Disclosures by making it mandatory for the UK’s largest companies and financial institutions to report on their climate-related risks and opportunities.
At the same time, activist claimants in the UK, supported by institutional investors, therefore potentially have greater ability than in other jurisdictions to hold corporates to account. They can closely scrutinise metrics disclosed by corporates, as well as their net zero transition plans with reference to the impact on agreed international targets.
This is the “information paradox”: inadequate disclosure of information may give rise to corporate liability, yet publication of this same data may equally provide a foot in the door for strategic litigation against the same corporates.
Increasing the sustainability disclosure obligations for public companies heightens the risk for businesses, as claims for misstatement or publication of misleading disclosures can be brought against companies by investors.
Whilst there have not as yet been any notable “greenwashing” legal cases in the UK, regulators are ramping up their focus on misleading and unsubstantiated claims by companies about their environmental impact. Most recently, the CMA has started an investigation into whether Unilever has overstated the sustainability of some of its products. Similarly, adverts for major international airlines have recently been banned for misleading consumers about the airlines’ environmental impact. There will undoubtedly be more regulatory scrutiny of similar marketing endeavours by other companies making climate-related statements and advertisements in 2024.
Another significant regulatory development in the UK is the FCA’s issue of Policy Statement 22/3 (introduced in mid-2022), which introduced changes to the UK Listing Rules and imposed a new “comply or explain” obligation to improve the diversity of the board and executive management of listed companies. A key concern for businesses as a result of these “comply or explain” requirements will be the extent to which claims under s90A of FSMA (the Financial Services and Markets Act 2000) might follow, alleging misleading disclosures in, for example, annual reports.
This is not likely to be the end of DE&I policies implemented by UK regulators. We can for instance expect both the FCA and PRA increasingly to focus on the diversity of businesses listed in the UK.
In addition to the make-up of a company’s leadership, we are also seeing increased scrutiny of supply chains. It is no longer sufficient to ignore (or, worse, profit from) bad practices or illegal activity happening elsewhere around the globe.
WTW: What D&O risks do you predict becoming significant in the near future and does this differ between global financial institutions and commercial organisations?
RS: We are living in a volatile time. There is inflation across the globe, and significant conflicts continuing in the Ukraine and the Middle East. With these geopolitical tensions and with that comes fluctuations in energy, supply chain, and raw material costs as well as currency fluctuations. 2024 is also a year of significant elections.
Companies with direct exposures in these certain industries (such as energy, commodities) are the most likely to face significant challenges. As those companies feel the pressure, the financial institutions behind such trading arrangements will also feel the pain.
WTW: What do you think are the greatest challenges for companies in managing D&O exposure?
RS: Reputational consequences and media attention can be just as significant as dealing with actual claims.
We have (as discussed above) seen global financial institutions come under scrutiny for making misleading claims in relation to their green credentials.
This will continue to be a focus of regulators, as they scrutinise the sustainability statements made by banks and other institutions. Alongside regulatory scrutiny is increased investor activism and potential class actions. This is particularly the case in the climate arena and may well develop in other areas, such as DE&I and equality commitments.
All businesses, but particularly financial institutions, rely heavily on cyber technology. Disruption to cyber services cause significant risk to operations. The recent CrowdStrike outage in July 2024 will have caused many businesses to reflect on their resilience and business continuity planning. Financial institutions are also highly vulnerable to cyber threats, particularly attacks from cyber criminals (including phishing, ransomware and other sophisticated attacks). Risks of outages and attacks may not seem connected, but both can cause significant chaos, threatening continuity of operations, as well as risking exposure to regulatory investigations, fines and third-party claims. As the CrowdStrike outage demonstrated, reliance on third party vendors can cause significant disruption and supply chain due diligence will remain an important consideration for business. In addition to having robust policies and practices in place, financial institutions should ensure that liability cover across professional lines, D&O and cyber provides continuity and reliability of response.
WTW: How do you think that companies can maximise their D&O insurance recoveries?
RS: There are a number of steps that companies can take to help maximise insurance recoveries.
Companies should have robust policies and procedures in place to address the developing regulatory requirements. This should include efficient record-keeping and ensuring that there are robust reporting lines. This will help facilitate prompt notification of any potential concerns and ensure the maintenance of any supporting information.
Companies should also implement clear processes for reviewing and updating policies to ensure that any new developments are captured and among other matters some of our recommendations include:
Implement clear sustainability and ESG frameworks that cut across all business stakeholders.
Produce environmental and social impact assessments and, just as importantly, have processes in place to monitor and update them so risks remain relevant.
Prepare and implement policies and procedures to address the developing regulatory requirements. These policies should include record-keeping and ensuring that there are robust reporting lines. This will help facilitate prompt notification of any potential concerns and ensure the maintenance of any supporting information.
Ensure that controls and processes are in place to ensure early identification of specific threats facing businesses. Specifically, ensure that the Money Laundering Reporting Officer (MLRO) and other reporting and compliance functions are connected to the areas of the business where risks may arise to ensure prompt notification to the insurance and legal teams.
Engage proactively with legal teams to stay abreast of rapidly changing legislative and regulatory frameworks. As discussed above, it is no longer acceptable (or possible) to turn a blind eye to overseas actions.
Have dedicated ESG managers whose role it is to collect relevant data and monitor risk.
Have clear plans for implementing targets, whether climate-based or DE&I-based. These plans should have concrete steps that can be demonstrated to insurers and regulators.
WTW: WTW’s Global Directors’ and Officers’ Survey this year showed a big change over previous years, with the subject of “Health & Safety” coming out as the number 1 risk concern for directors and officers. Even for the finance and insurance sector, Health & Safety appears as the number 4 risk for directors out of 28 (having not been in the top 7 at all for the finance and insurance sector last year). Does that reflect your expectations and what do you think could be the reason for the change?
RS: The past couple of years have seen an increased awareness of mental health risks rather than “traditional” physical injury – the ‘slip and trip’ claims, or the long-running asbestosis and mesothelioma claims.
There are regular media reports about burnout of staff at all levels – in some tragic instances leading to death. Covid-19 brought with it a perception of the benefits of increased flexibility in the workplace, but also increased the extent to which employees are ‘on’. We are also perhaps only just beginning to grapple with the harmful effects of social media on mental health. Financial institutions, along with professional services firms and household-name global conglomerates can often be the focus of media attention surrounding employee mental health. International celebrities are also being more vocal about taking time out because of mental health issues, further increasing public awareness. There is also an increased sense that companies need to do more than simply paying lip service to mental health concerns – and that if they fail, they will be increasingly held to account by employees.
Whilst there is a risk of D&O claims arising out of health and safety exposures, companies should in any event see addressing mental health concerns as a more integral part of good business practices. Staff (again, at every level) who are overworked and under-appreciated are, arguably, more susceptible to leaving and a high turnover of staff is then a ripe environment for decreasing morale, a consequent decline in productivity and, an increase in training and other costs.
WTW: Do you think AI will be a material D&O risk over the next three years? Why or why not?
RS: AI is developing quicky, but we expect its wholesale adoption by global financial institutions to be slow while the risks of the new technology continue to be carefully evaluated.
Whilst early adopters may see benefits in terms of certain costs and other efficiencies (and a competitive edge), financial institutions in particular risk face increasing exposure if implementing AI for decision-making without adequate notification or disclosure to customers, shareholders and other stakeholders. Our expectation is that we will see AI-related issues increasingly becoming a D&O risk, but perhaps over the medium term, the next 5-10 years. In this regard, we also expect that insurers will be asking questions on the use of AI, along with proposals for the mitigation of any associated risks, as part of any placement or renewal process.
There are clearly risks involved in adopting such new technology – including risks of AI bias, technology failures, or a failure in terms of reporting on the use of AI (and its scope). These potential risks could lead to allegations being raised not just against corporates but also against their directors and officers.
At this stage, we anticipate that it will still take some time to see significant claims start to come through in the UK. Other jurisdictions are seeing claims and legislation develop at a faster pace: in the US, for example, there has been an ‘AI-washing’ claim by the SEC against an AI hiring start-up, and the EU has introduced the first AI law in the Artificial Intelligence Act (which will come fully into force in August 2026).
Financial institutions that are adopting AI should ensure that there are robust policies and procedures in place to record all decision-making, tracking, security measures and staff training. They should also ensure that their cyber risk insurance policies, D&O liability policies, professional liability policies (and potentially product liability policies if the FI produces apps/other technology for use by its customers) all work together to ensure there is adequate protection for the risk.
Catherine is a senior associate in Reed Smith’s Global Commercial Disputes Group and has particular expertise in insurance recovery and international arbitration. Catherine advises on the coverage position and claims under a wide range of policies, including professional indemnity, Directors & Officers, crime and property policies.
Mark is a partner in Reed Smith’s global Insurance Recovery Group, a globally recognized team of coverage attorneys operating internationally who are committed to providing support only to policyholders. That support encompasses acting for corporate and individual insureds (including directors and trustees) in a range of matters, from claims and disputes handling to risk management and policy advisory work.