Recent research from King & Wood Mallesons confirms class actions are on the rise. The Review: Class Actions in Australia 2014/2015 reports that at least 33 new class actions were filed in the Federal Court and the Supreme Courts of Victoria and New South Wales in the 12 months to June 2015, compared with just 18 in the previous year.

“Considering a class action is now one of the first responses to unexpected events,” says dispute resolution partner and report co-author Moira Saville.

The number of firms funding litigation is keeping pace.

“There are more of them and they are becoming more entrepreneurial and specialised in a crowded and competitive marketplace,” says George Harding, managing director of FINEX Australasia.

They are also aware of shareholders’ changing expectations.

“[Shareholders] are also less likely to take any loss on the chin so, to some extent, the class action has become a mechanism for recovering lost money,” says Tom Kent, managing director of TK Specialty Risks. “That doesn’t mean shareholders are using the mechanism inappropriately – most, if not all, seek to reinstate monies associated with a genuine loss. But the fact is that shareholders are much more aware of class actions, and have far more access to them, than they did in the past.”

Regulators are also pursuing individuals for wrong doing.

“In the six months to 30 June 2015 the Australian Securities and Investments Commission [ASIC] disqualified 19 directors,” says Harding.

None of this is good news for directors.

“Directors and officers [D&O] insurers are very concerned about being so highly exposed to Australian shareholder class actions as the costs associated with them are extremely high,” says Harding. “The regulatory action is also having a direct impact on the number of notifications and claims and the legal costs incurred at both the hearing and pre-investigation stages of an inquiry.”

Insurers are responding by taking a more conservative approach and many are reducing the limits on their D&O programs.

“It does appear that, despite having one of the best reporting regimes in the world in terms of continuous disclosure, the ASX 200 is not a happy hunting ground for global insurers,” says Kent. “Some are still offering good cover at competitive premiums but it is important for directors to find an underwriter who understands the industry and the dynamics of the company.”

Evaluating the risks

The main triggers for litigation have remained constant for some time, with breach of continuous disclosure obligations heading the list. This is followed by failure to disclose material information, then misleading or deceptive representations or conduct, particularly within a prospectus.

“These very traditional causes underline how difficult it is for directors to manage through a period of economic uncertainty,” says John Kelly, senior partner at Consult Insurance Services. “In our experience, what to say and when to say it is one of the most vexing issues confronting the board.”

There are signs that the triggers may change.

“The 2013 breach of data at Target in the United States marked a turning point for Australian boards,” says Cameron Oxley, a partner at MinterEllison. “It was the moment directors started sitting up and paying attention to cyber risk – suddenly it became very clear that this was no longer just a matter for the IT department but a strategic risk that belongs on the boardroom agenda.”

Target’s chair and six directors lost their positions on the board and the CEO of 35 years lost his job, but there have still been no civil actions against individual board members. It took the theft of the payment information of more than 50 million Home Depot customers in the US to put personal liability in the picture. Late last year a shareholder filed a lawsuit claiming that the company’s 12 directors and officers had “breached their fiduciary duties of loyalty, good faith, and due care by knowingly and, in conscious disregard of their duties, failing to ensure that Home Depot took reasonable measures to protect its customers’ personal and financial information.”

“This doesn’t necessarily mean that directors need cover for a completely new set of risks,” says James Stanton, an associate at MinterEllison. “Many cyber risks are actually variations of more familiar threats and, as such, are covered by some standard D&O policies. However, other policies have data security exclusions or carve-outs, so it’s important for directors to check whether they need specific cyber cover to fill in any gaps,” he says.

If so, there are two broad alternatives.

“Stand-alone cyber risk policies are attractive to large businesses as they commonly have sums insured in the millions,” says Oxley.

“However, cyber risk insurance is also sold as an endorsement to management liability policies. This option is more attractive to smaller businesses as the policies are much cheaper, though they typically have sums insured in the order of $100,000.”

The right cyber cover depends on risk appetite and how well the risks are being managed.

“This is a tough decision for boards to make,” Oxley continues. “It requires a detailed understanding of the day-to-day operations of the business so, to a large extent, directors must rely on information they receive from management.

It is also important to remember that insurance will never be a complete solution.

“We think of risk management as the fence at the top of the cliff,” says Oxley. “Insurance is just the ambulance at the bottom.”

Anticipating the challenges

Early this year ACE Limited acquired Chubb for approximately US$29.5 billion, creating the world’s largest publicly traded property and casualty insurance company.

“Any further consolidations of key global carriers could put pressure on prices – though this might be offset by new entrants to the market with abundant capacity, such as Berkshire Hathaway,” says Harding.

It is also increasingly common for D&O accounts to be underwritten on a portfolio rather than case-by-case basis.

“Some markets are withdrawing their D&O cover for, for example, all mining exploration companies,” says Kent. “This is a bit like being attacked by a magpie then deciding that all birds need to be eradicated. Companies in any one sector are bound to share superficial similarities but no two are identical. It’s a pity that some insurers have such a two-dimensional view.”

“It is noteworthy ASIC has published two reports within one year commenting on cyber resilience and the importance of board engagement to ensure sufficient resources are available to properly manage cyber resilience as part of the corporate governance role,” says Susan Elias, national manager FINPRO, cyber, Marsh.

“While it has been several decades since D&O insurers have imposed a ‘failure to purchase insurance exclusion’ on D&O policies to limit their exposure to uninsured risks, as cyber incidents grow the onus is on boards of directors to see cyber risk as a corporate governance issue. These exclusions could be dusted off and applied to D&O liability policies, if insurers start to see a raft of cyber claims falling within the scope of D&O policies, when D&O underwriters have not contemplated that exposure in their rating structures. Let’s hope this ‘back to the future’ restriction does not eventuate any time soon,” she adds.

Making the right decision

The starting point for directors is a clear understanding of what they want their insurance to do.

“D&O can provide security to the directors and officers or it can be shared with the company in order to protect the business as a whole,” says Adam Suplina, national manager – corporate, financial lines at AIG. “It can also combine the two. If you haven’t thought this through you could end up purchasing the wrong coverage. In a worst-case scenario you could find that your policy has been eroded by claims against the company leaving you without the protection you thought you had purchased.”

D&O policies are notoriously complex and confusing, and many different factors must be taken into account in structuring the best fit.

“In my underwriting agency we collaborate wherever we can with research houses, fund managers, stock brokers and insurers to get a more detailed understanding of what companies want and need from their insurer,” says Kent.

“We’re finding that the business worlds of clients, brokers, agencies and insurers are converging at an unprecedented rate, which I think is a positive development. For example, the meetings between underwriters and clients that we now take for granted used to be forbidden.”

Suplina suggests that directors also meet the insurer’s claims professional.

“Talking to the underwriter and broker is important for the placement of the policy but it is the insurer’s claims experience and philosophy that will come into play if you should face litigation or an investigation,” he says.

Insurance is even more complicated for directors who work on overseas boards.

“The risks directors are exposed to in Australia are a direct result of the regulatory and legal environment here,” says Harding. “It follows that directors operating on an international board must consider the legal and regulatory environment within that particular jurisdiction when they’re buying D&O cover.”

Keeping up to date

D&O is an annual policy and should be carefully reviewed at each renewal.

“This will address the evolving range of exposures such as the impact of multinational risk and cyber threats,” says Suplina. “It is very tempting to save time by renewing insurance policies on the same terms as the previous year but, in our experience, this can lead to directors being unnecessarily exposed to emerging risks.”

Directors should also review their policy when there is a material change to the business.

“If the company acquires a new subsidiary or launches into a new jurisdiction, for example, it’s worth revisiting the insurance to ensure it still meets your needs,” says Kelly.

Five questions directors should ask about D&O

John Kelly highlights key areas for consideration.

  1. Does your insurer have experience, a solid reputation and a demonstrated willingness to pay claims?

  2. Are you focusing on the right issues? Sub-limits provide cover for certain defined areas so you can tailor your cover by concentrating on the areas that matter most rather than the overall policy limit.

  3. Does the company have access to the policy limit? Directors sometimes purchase an aggregate limit only to discover that the company has access to an amount they thought was exclusively theirs.

  4. Are the endorsements reasonable? The insurance contract comes in two parts – the core policy wording and additional clauses or endorsements. Endorsements can substantially alter the cover provided by the standard policy so it is important to review them carefully.

  5. Have you negotiated the best deal? D&O insurance is a negotiable product – every aspect of the wording can be modified or enhanced. Some enhancements must be paid for, others come at no additional cost.