D&O insurance, by design, broadly protects corporate officers and directors against claims alleging “wrongful acts,” which term itself is defined to encompass just about any actual or alleged wrongdoing in that individual’s official capacity. Perhaps in that vein, the policy’s definition of “director and officer” has historically been worded with a degree of ambiguity. Policy language referring to “duly elected or appointed” individuals, for example, provided enough flexibility for both insurers and insureds. But that flexibility is now being tested by evolving corporate structures and expanding executive roles.
As new corporate titles emerge — especially in areas such as cybersecurity, artificial intelligence, compliance and sustainability — requests for clarity are becoming more frequent. It’s true that, in public company D&O policies, all organization employees are “insureds” for purposes of “securities claims” and, in some instances, when they are named contemporaneously in a claim with a director or officer, but rarely otherwise.
The traditional approach may no longer be the most suitable long-term solution. We should consider adopting a more functional, sustainable and reliable solution as to who qualifies as an “officer” for purposes of coverage.
D&O policies have long included broad coverage grants to “insured persons,” including “directors and officers,” traditionally defined as “duly elected or appointed” officers and directors. A minority of U.S. policies have dropped the “duly elected or appointed” condition altogether. With either approach, the intent may have been to align coverage with individuals who, under different state corporate laws or governing documents, are treated as directors and officers within their organizations. This circularity (an officer is an officer) has allowed companies and insurers to maintain flexibility across different governance structures and jurisdictions.
The model worked when corporate hierarchies were relatively simple and most officers fell into defined categories, such as CEO, CFO, COO and General Counsel. In loose terms, most U.S.-based D&O professionals considered “officers” to be C-suite level, Section 16 officers, with there being little or no controversy surrounding that description.
Some policies, particularly those issued in London and, to a lesser degree, the U.S., open up the definition of “director and officer” to include a longer list of individuals, such as de facto, shadow and observer directors. Specific to officers, the definition may extend to anyone in a management or supervisory capacity. In regions outside the U.S., these wordings are customary and have not given rise to any notable coverage adequacy concerns.
In recent years, companies have been approaching their brokers for clarity on whether their CISOs were included in their D&O coverage with full officer-level status. After the SEC brought charges against the CISO of Solar Winds in 2023, the inquiries have intensified.
But is clarity only required of CISOs? Similar questions also emerge relative to others, among them, compliance officers, “people” or HR officers, finance-related officials, heads of ESG and sustainability and, most recently, those leading artificial intelligence efforts — all individuals who carry important decision-making authority, and who may face legal and regulatory exposure as a result.
Legacy efforts at deliberate ambiguity may no longer work to provide companies with the assurances that many of them desire. Does the term “officer” in a title, by itself, or formalities around appointment, automatically determine their status as “officers” under the policy? Perhaps. But if certainty is the expectation, is “perhaps” good enough?
To address this, many U.S. brokers and insurers have negotiated endorsements to include individuals by name or title within the definition of “director and officer” (or “executive” or similar verbiage). To be perfectly clear, there is nothing structurally unsound with this approach. It addresses the need, it is customary under the circumstances and worded properly, it should not be considered an approach with downside coverage risks. But it’s a shorter term solution and not an ideal longer term solution. It cuts against the grain of the policy’s intended breadth. It requires insureds to anticipate what roles might trigger coverage in future claims, and it adds burdens to policy negotiations and renewal processes.
In addition, these types of endorsements are not likely to scale well over time. As new roles are established and executive responsibilities expand, the approach risks falling behind. It also creates inconsistency among insureds with similar risk profiles.
There is a more sustainable alternative to the endorsement that schedules individuals. As one of its core functions, D&O insurance is a backstop to corporate indemnification. Therefore, the definition of “director and officer” should be aligned with indemnification rights. If the corporation indemnifies an individual for claims arising from their duties, or would have indemnified them but for factors such as financial insolvency, that individual should be a “director and officer” under the policy. Wording exists in the market to achieve this, but it has not been widely adopted. It should be.
To be clear, the approach is intended to be an additional element of the definition, not a replacement of existing wordings. It is designed to reflect the economic reality of D&O coverage. It avoids the need for title-based distinctions and includes individuals based on the functions they perform and the exposures they face. It also syncs up coverage with actual risk management practices, which often involve indemnifying executives beyond the traditional C-suite officer ranks.
Adopting an indemnification-based element of the definition provides several advantages:
There’s an added benefit in the context of today’s marketplace. At a time when D&O insurers are pressing for rate stabilization, coverage innovation may present an opportunity for them to differentiate themselves.
The question of “who is an officer” is significantly less of a concern as it relates to private, not-for-profit company D&O policies. For these organizations, the term “insured person” is customarily defined to include all organization employees without securities claim or co-defendant limitations. Thus, the coverage applies to a wider variety of claims against any employee who commits or allegedly commits wrongful acts in their capacities as such — subject, as always, to the policy’s other terms and conditions.
Who qualifies as an “officer” under a public company D&O policy isn’t an academic subject. It has real-world consequences for risk transfer, claims handling and recovery and executive protection. As an industry, we should recognize that titles no longer define exposure — functions do. A modern D&O policy should reflect that by treating anyone the company indemnifies (or, in certain situations, would have indemnified) as an insured person. The less clear “would have indemnified” proviso can sensibly be addressed by, say, reliance on internal legal or board determinations.
This is not about expanding coverage. It’s about modernizing coverage to address the way companies operate today. The risks have evolved. How we address them should evolve, too.
WTW hopes you found the general information provided here informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, WTW offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).
