From the Magazine

Prepared for the Risks Associated With Serving on Boards?

Serving on the board of a company has never been so risky and the stakes for directors have never been higher, which is why this is such an important time to explore in-depth the range of risks and responsibilities that accompany the role of a global director today.

Directors are practical people, looking for practical advice. The sea change in corporate governance that began around the globe roughly 10 years ago, kicked off with the collapse of WorldCom Inc. and Enron Corp. in the United States, and the proliferation of local examples around the world has been further fueled by the global financial crisis, which has put investments and boards of directors further at risk.

Against a backdrop of almost unparalleled financial instability, corporate crises, increasing regulation and public resentment over the perceived power of big business, directors of large companies (especially in the financial-services sector) are the subject of intense scrutiny.

Serving on the board of a company has never been so risky and the stakes for directors have never been higher, which is why this is such an important time to explore in-depth the range of risks and responsibilities that accompany the role of a global director today.

Key Risks

So far as the U.S. is concerned, the most significant ruling emanating from the Supreme Court on directors’ liabilities occurred in June 2010 in Morrison v National Australia Bank. This decision has fundamentally changed the “conduct or effects test” under which a U.S. court had previously been able to claim jurisdiction over a case involving foreign plaintiffs, foreign defendants and securities listed on non-U.S. exchanges.

The Supreme Court ruled that the relevant securities laws did not apply extra-­territorially but only to transactions on U.S. domestic exchanges or domestic transactions in other securities. The decision has not, however, put paid to the extra-territorial reach of the U.S. courts. The Foreign Corrupt Practices Act (FCPA) is still alive and well. Moreover, the Supreme Court ruling itself has been and continues to be the subject of much case law winding its way through the U.S. courts on the vexed question of the meaning of the phrase “domestic transactions in other securities.”

There are other ways in which the U.S. courts and regulators exert influence beyond their shores. In October 2011, the U.S. Securities and Exchange Commission issued guidance in relation to liability for cyberattacks. The guidance recommends that specific disclosure be provided by public companies on (among other things) cyberincidents, pre-attack exposure analysis and the implications for financial statements.

While no similar guidance yet exists elsewhere in the developed world, the risks and dilemmas posed by serious data breaches apply to board directors of all large companies (and indeed to all businesses). Courts generally are likely to take the view that directors have a duty to gain a sufficient (if basic) understanding of the nature of the risks facing their businesses, including cyberrisk. Ignorance is no still no defense.

No one is immune to cyberrisks or cyberbreaches, whether these are perpetrated by hackers or rogue employees or simply the result of employee negligence. In 2011, for example, TJX Cos. fell victim to a cyberintrusion that security experts predict will have long-term costs of between US$4 billion and US$8 billion in fines, legal fees, notification expenses and brand impairment.

In the TJX case, the retail group reported that 45.6 million credit and debit card numbers were stolen from one of its systems during the period July 2005 to January 2007. Of critical import, the January 2007 intrusion occurred after TJX already had knowledge of the initial breaches. Of course, big corporations are not the only entities that are vulnerable to hackers and “hacktavisits.”

Indeed, half of all companies that have experienced data breaches have fewer than 1,000 employees, according to Willis’ 2012/13 Executive Risks Guide.

One of the biggest stories over the past few years concerning directors and officers (D&O) litigation in the U.S. is the dramatic increase in suits arising out of mergers, acquisitions and divestitures. Although M&A activity is reported down for the first six months of 2012, that fact is not obvious from the reactions of the D&O insurance underwriters, some of whom are now beginning to seek higher deductibles or retentions for claims arising out of these corporate transactions.

Another focus that is usually not discussed in polite company or otherwise is the existence of D&O coverage litigation where insurance carriers contest (seek to deny) coverage to individuals and entities. At a time when D&O claims are escalating, the regrettable truth is that so are coverage disputes.

In many parts of the world, including the U.S., “late” notice of a claim to one’s insurance carrier, for example, is a very strong coverage defense for carriers and has resulted in the largest number of uncovered D&O claims. It is to be ignored at peril.
Though defense costs as well as settlements are both covered by a good D&O policy, there are also several common D&O exclusions, including the intentional illegal conduct exclusion. This coverage restriction is of particular note as this allegation is likely to appear in almost every D&O claim. Directors at U.S. and global companies are also rightly concerned about the reach of possible U.S. governmental investigations — particularly the FCPA.

In what the agencies describe as “an unprecedented undertaking by DOJ and SEC to provide the public with detailed information about our FCPA enforcement approach and priorities,” the U.S. Department of Justice (DOJ) has just released its much anticipated Resource Guide to the U.S. Foreign Corrupt Practices Act, which is available for download from the websites of the DOJ and SEC.

Intended to provide businesses and individuals with a nuanced understanding of the FCPA, the guide sets out some of the statutory requirements of the act and then provides insight into DOJ and SEC enforcement practices, using hypothetical examples of enforcement actions and summaries of applicable case law and DOJ opinion releases.

It is applicable to both small businesses engaged in their first transactions abroad as well as to large multinational corporations with subsidiaries around the globe. It is a useful document with information to assist organizations in avoiding and/or managing these exposures.

Global Challenges Grow

In a number of countries outside the U.S., corporate governance standards continue to develop (Saudi Arabia and Switzerland, for example), but this should be viewed as a matter of degree: in all jurisdictions, there is and will be continued change, whether crafted by the courts, mandated by legislatures or determined by the fates of the organizations themselves.

On Aug. 22, for example, the Russian Federation became the 156th member of the World Trade Organization (WTO). In the years ahead the Russian government will continue to adapt its legal framework to meet the WTO requirements. We can expect the Russian regulatory framework to be, for some time, subject to frequent adaptation and change.

In the global challenge to maintain good corporate standards and ethics, internal reporting is usually seen as a strong touchstone, exceeding internal audit, for example, as a far more useful tool for rooting out improper behavior at an organization. Which is why the results of the 2011 National Business Ethics Survey, Retaliation: When the Whistleblowers Become the Victim, is so concerning.

The report considered American workers at domestic and international companies, including both for-profit and not-for-profit organizations. Among its findings:
– While nearly half (45 percent) of employees observe misconduct each year, and the majority (65 percent) report it, unfortunately, more than one in five (22 percent) employees who reports what they believe to be misconduct at the organization, perceive retaliation for doing so.
– Whistleblowers whose reports are substantiated are equally likely to perceive that they have experienced retaliation as those whose claims are not.
– In terms of the seriousness and magnitude of these results, the survey reveals that the percentage of workers perceiving retaliation has been increasing: from 15 percent in 2009 to the 22 percent (or 2.3 million individuals) in 2011.

The D&O Insurance Marketplace

With all this in mind, directors might question why insurance carriers wish to continue insuring corporate boards, or, at least, to do so at prices that are not keeping pace with the increase in exposures. But like any successful executive, those at insurance carriers need to have a tolerance or appetite for risk matched with an ability to assess exposures.

From a price perspective, the good news is that major insurance carriers writing a portfolio of risks are able to minimize price increases by spreading it across all of the similar policies they write.

“Overall, the D&O marketplace has so far weathered the economic storm if not intact, then without any major disruption,” says Mark Wakefield, executive director of FINEX Global, Willis’ financial, executive risk and professional liability business. “Courts generally take the view that directors have a duty to gain a sufficient understanding of the nature of all the major risks facing their businesses.
Against this backdrop, the D&O policy has had to move with the times, as buyers and brokers seek cover for new and previously untested areas of liability.”

As far as the overall insurance market is concerned, we have witnessed growth in global D&O capacity, while a number of new insurers have entered the market for international excess. That said, many of the key events that have shaped the D&O landscape over the recent past have and continue to influence the D&O insurance marketplace.

This is seen in terms and conditions that have expanded to match exposures in many jurisdictions. But there is also the dark side of this — coverage contractions or exclusions where D&O premiums are not seen as sufficient to match the growing exposure faced by directors.
So with increased regulatory, shareholder and media scrutiny combined with volatility in the global economy, rarely have directors of large companies (especially in the financial-services sector) been the subject of more scrutiny. Effective oversight of risk at the board level can influence the global corporate rating agencies and at the best firms is an integral part of the strategy and culture.

Savvy directors will also consider both the cost of their D&O protection and the breadth of the coverage they are purchasing (or which is purchased on their behalf). In companies where the negotiation of D&O insurance is a separate purchasing decision, directors may want to become much more actively involved in the purchasing decision.

 

This article first appeared in Financial Executive magazine.