Global Insurance Law Connect Seminar Series: Addressing keychallenges for insurers
The last few months has seen The Global Insurance Law Connect group is a network ofus host a series of Global insurance lawyers whose breadth of expertise allows us toInsurance Law Connect seminars. deliver the right advisers, in the right locations and in theCovering just a few of the key most effective way.With access to our specialist insurancecurrent topics, we were able lawyers and calling on their local market knowledge andto offer our insurer clients the commercial strength, our clients enjoy depth of service andopportunity to hear from our expertise that no one firm can provide on its own.leading international legal expertsabout local challenges in the main In this round-up we focus upon three seminars highlightingjurisdictions around the globe. the challenges facing insurers, as well as providing a valuable insight into legal and regulatory issues, either local or covering multiple jurisdictions. The seminars covered • GDPR • Professional Liability & Financial Lines • Directors & Officers. If you would like to discuss Global Insurance Law Connect and how BLM operates internationally, please contact me. Kind regards Jim Sherwood Chairman of Global Insurance Law Connect / Partner at BLM T: +44 20 7865 3376 E: [email protected] Global Insurance Law Connect Seminar Series
CONTENTS Page 4 Page 8Seminar 1: GDPR for insurersand brokers Page 13Seminar 2: What in the worldis going on in Financial Linesand Professional Liability?Seminar 3: High priority legalareas for Directors and Officers 03
SEMINAR 1: GDPR FOR INSURERS AND BROKERS In the first of the sessions we looked at the much-publicised changes introduced by GDPR from a slightly different perspective. Having viewed this from a UK standpoint, we then looked at how GDPR is impacting a diverse range of other territories such as Belgium, Italy, India and America.04 Global Insurance Law Connect Seminar Series
THE UK BELGIUMThere has been an enormous amount of coverage about With the requirement to immediately report any personalthe general principles of GDPR.We focused upon some breaches there has been a modification to the currentof the “myths” that the Information Commissioner has legislation where its ambit has been extended. Currentlybeen keen to dispel.There has, for example, been a lot the immediate reporting was limited to telecom companies.of emphasis on explicit consent, giving the impression that This has now been extended to all organisations.this is the only way in which businesses will be able tolawfully process data, with enormous fines being imposed Since 2016 (limited) class actions or group actions haveif consent is not obtained. been possible in Belgium, if they meet the following criteria:The Information Commissioner’s Office (ICO) has been • Only consumer rights are protected, i.e. the classkeen to clarify that this is very much “business as usual” action can only be instituted by consumers (naturaland that any business which complies with the 1998 Act will persons who are acting for purposes that are not relatedhave a solid platform to ensure compliance with the GDPR to trade activities, business, craft of profession).and the Data Protection Act 2018.The Commissioner hassaid that she sees ongoing compliance as a “carrot and • Following recent legislation modification, also SME’sstick” situation, where those who engage with the ICO to will be able to file a class action.proactively address compliance issues will be helped, ratherthan finding the “stick” used to impose penalties on them. • The class action can only be initiated against undertakings (it is not possible to file a class actionThinking about legal changes that may arise (and in some against other consumer or public authorities).cases are already arising) class actions were flagged.Historically they are rare in the UK, but with the increasing Other technical and legal provisos do exist, full details ofnumber of high profile cyber breaches, those whose data which were shared at the session, but like the UK, prevailinghas been affected are bringing their cases in class actions. GDPR obligations will become part of them.The supermarket chain Morrisons was cited as the firstmajor reported example and there have been intimations Like the UK there will be greater exposure to breach risks,that claims could be pursued against Cambridge Analytica but it was felt that this would not adversely affect incidentand Facebook.An interesting effect of this may well be rates in Belgium. Rather, with tighter GDPR regulations,the involvement of claimant law firms better known in the it was felt that it could ultimately lead to better businesscasualty sector looking to pursue cases or the rise of claims protections being in place, but subject of course to themmanagement companies looking to attract claimants. being implemented, improving the risk position.Putting this all together; the new obligations will increase ITALYthe burden on companies, which will inevitably meanmore breaches. The obligations to report incidents will The Italian regulator has not provided guidance onlead to greater awareness by the public (and those with personal data issues specific to the insurance industry fora commercial interest in aiding them), which in the end is a decade, with the last paper being centred upon contractlikely to lead to an increase in claims. disclosure.This said, the Italian Regulator is very sensitive to individuals’ rights and is often raised as an order to request insurance companies provide them with personal data.The question of the balance between the rights of individuals and those of the insurance company, which might want not to release them because they might be used in future litigation, makes for a very interesting balance. Unlike the other examples, compared to other European nations, Italy has experienced many problems surrounding class actions, with insufficiencies in adequate procedural and material protection for claimants. Some recent cases stand as perfect testimony to this! Like other territories cyber extortion is a real and present issue and something the insurance industry is responding to. 05
INDIA USAThe Indian data protection regime is currently in a state of Individual states are enacting cybersecurity regulationsflux.At present India does not have any specific legislation because of the failure of Congress to act and instituteor Regulatory body for data protection.The prevailing broad-sweeping regulations. Currently, the federal lawslegislation being the Information Technology Act, 2000 apply to health care, financial industries, and federaland its rules which, amongst other things provide for agencies, but attempts to enact uniform cybersecuritycompensation to be paid by a corporate body if it fails to rules have failed.protect sensitive personal data and for reasonable securitystandards to be adopted to avoid data breaches.This Act All but two states have mandatory notification andhowever does not provide for any standards and control on disclosure requirements of data breaches. But, untildata processing. recently, no state had regulations that offered protections against cyber threats and security. In March 2017, the NewIn 2017, an expert committee on data protection was York State Department of Financial Services enacted theconstituted by the Indian government which released a Cybersecurity Regulation which applies to financial services,whitepaper suggesting a model law. Based on this model and insurance and banking industries. Other states are sure torecommendations received, a draft law is being prepared by follow, resulting in a piecemeal application of cybersecuritythe committee. From the discussions surrounding the draft breaches until Congress will act.and the whitepaper, it can be expected that the draft will beclosely modelled on the GDPR. The New York regulation contains both administrative, technical, and notification requirements, much likeAdditionally, in 2017 the Insurance Regulatory and the GDPR.Development Authority of India, the Regulator for theindustry, released guidelines on information and cyber As regards class actions, there exists a split in authority forsecurity for insurers.These guidelines aim to ensure that lawsuits that involve data breaches. Several federal districtinsurers are prepared to mitigate all cyber security related court circuits have held that consumers that have had theirrisks and have adequate policies and infrastructure in place. information stolen, but not used in by the perpetrator is enough to sustain the class, but other federal districtIn related areas India is currently seeing several debates courts have held that consumers must demonstrate thatover data protection and privacy. In 2017, in a landmark their information has been used and not merely stolen.decision, the Supreme Court of India held that the right Recently, the US Supreme Court denied accepting a caseto privacy is a fundamental right. Presently, this court is for argument that would have addressed the split, therebyhearing another matter concerning a challenge to the allowing the spilt in the federal courts to continue.‘Aadhaar’, a 12-digit identification number issued by theIndian Government based on a citizens’ demographic andbiometric data.A major issue in this case is the privacy ofcitizens and the vulnerability of their data with the state.The decision of the highest court in the country will havefar reaching impact over data protection laws in India.Like elsewhere India has seen a range of cyber insuranceproducts launched.As the formal governance of dataprotection evolves so one will expect to see these expandthe coverage afforded by these products.06 Global Insurance Law Connect Seminar Series
Each presenter was asked about the insurabilityof GDPR fines.This is what they said:UK ITALY In Italy GDPR fines are not insurable, and I do not expectThis has historically been an extremely complex area in any change in this respect.UK law. The courts have applied a rigorous public policyto the effect that fines imposed by Regulators should not INDIAbe insurable on the basis that this considerably weakens Once GDPR is enforced, it is expected that the Indianthe deterrent effect that is such an important part of those insurance companies will respond by providing coveragefines. It is unlawful to insure some fines, for example, for fines levied under the GDPR. Presently, there are cyberthose imposed by the Financial Conduct Authority. It is policies in the Indian market which provide coverage foralso clear from the case law that insurance for fines levied administrative fines and penalties (globally in certain cases).by the Health and Safety Executive and the CompetitionCommission cannot be enforced. This means that the USAstarting point is likely to be that ICO fines cannot be Typical cyber policies provide coverage for the impositioninsured under UK law. of fines as a result of an adverse judgment or settlement arising from a disciplinary or Regulatory proceeding. But,BELGIUM questions remain as to the extent of the cover given the potential amount of fines that can be imposed for violationsUnder the Belgian Insurance Act 2014, fines and amicable of the GDPR. Also, questions remain as to the ability tosettlements in criminal cases are not insurable. On the enforce sanctions against a US-based company.contrary, administrative fines imposed by anti-competitionauthorities are insurable.The question therefore arisesof the qualification of the GDPR fines? As to the currentBelgian Privacy Act 1992, it provides for criminal provisionsin case of non-compliance. It is considered that the finesprovided for in the Belgian Privacy Act may be of a criminalnature and are therefore not insurable. Contact: Tim Smith Partner at BLM T+44 20 7865 3313 E: [email protected] 07
SEMINAR 2: WHAT IN THE WORLD IS GOING ON IN FINANCIAL LINES AND PROFESSIONAL LIABILITY? In this session we asked some of our partners to share one of the ‘hot topics’ from their region.There were some common threads surrounding claims made policy issues, and some real local diversity in the topics that are keeping our network lawyers and their clients awake at night.08 Global Insurance Law Connect Seminar Series
BELGIUM Direct action in an international contextThe sunset clause in claims made policies The direct action of a victim against the insurer of the liable party was introduced by article 86 of the Act of 25 JuneA couple of the features of direct action against liability 1992 on Non-Marine Insurance Contracts (WLVO).insurers under Belgian law; the sunset clause and direct The direct action applies to all liability insurance contractsaction against foreign insurers were covered in this session. (e.g. professional liability, D&O liability, product liability, public liability) except for marine and transport insurance.The Sunset Clause This was then incorporated into the Insurance Act of 4 April 2014 without any changes.As elsewhere in the insurance world, claims made policiesare a key part of the professional liabilities insurance Because the direct action is to offer protection to thelandscape.They are efficient mechanisms for ensuring clarity policyholder and/or the insured party, this legislationof where losses fall, with little or no exposure to long-tail is mandatory.The Belgian direct action system is muchlatent actions for losses that have been reported long after broader than the direct action that is allowed againstexpiry on occurrence-based policies. indemnity/liability insurers in other EU Jurisdictions. In the Netherlands for example, direct actions are onlyUnder Belgian law, coverage is governed by article 78 allowed against Motor Liability insurers and solely forof the Law of 25 June 1992 on Non-Marine Insurance bodily injury claims.Contracts (WVLO), currently article 142 of the InsuranceAct.The act governs both occurrence policies (paragraph However, the application of the Belgian direct action whereone) and claims made (paragraph two).To address non- there is an international context has been challenged incoverage of claims post policy expiry, it aims to mitigate the Belgian case law in two distinct scenarios:consequences by use of an additional paragraph, introducinga Sunset Clause. 1) where foreign victims take direct action against a Belgian liability insurer (the policy being governed byThe clause places an obligation on an insurer to provide Belgian law and to avoid discrimination Belgian courtsmandatory coverage for certain future claims for a period having jurisdiction); andof 36 months after expiry, where they relate to damagethat occurred during the policy term, but the risk is not 2) where Belgian victims take direct action against aelsewhere insured, or circumstances that might lead to foreign liability insurer, with the policy being governeda loss, which occurred during the policy term and were by a jurisdiction that does not provide for a similarreported to the insurer. direct action system, as in Belgium.The definition of “risk” in this context has been the subject In the second scenario two important questionsof uncertainties and debate as the Belgian legislators did not arise.Which courts have jurisdiction, and is the directspecifically define it. Following an incident being reported it action allowed?can (and has) been defined as The answer to the first question can be found in the1) an abstract of the word meaning any risk of professional European Regulation 1215/2012 on jurisdiction and the liability where the run-off insurer avoids any liabilities recognition and enforcement of judgments in civil and as the broad scope of coverage has been newly insured, commercial matters. Belgian courts have jurisdiction but whether this covers the incident reported or not; or only “if the direct action is possible and allowed“.2) a more specific definition that the risk refers to the The answer to the second is not as straightforward. actual coverage responding to the actual incident being In a case heard before the Court of First Instance in reported.The absence of which ties the insurer into Turnhout, a Belgian insurer was subrogating the rights of the sunset clause. the victim; a Belgian national against a Dutch insurer.After detailed arguments it was found that the liability of theFollowing test cases, the Belgian Supreme Court decided Dutch company, and its domiciled insurance contract, wasthat the second, more specific definition should prevail, governed by Dutch law, with an applicable exclusion underdefining risk as referring to the actual damage and not the the United Nations Convention on Contracts for thebroader ambit of professional liabilities. Clearly this favours International Sale of Goods.With the insurance contractthe insured and places a clear obligation upon the insurer being governed by Dutch law and the non-existence offor three years post expiry.Whilst this has removed one direct action under its laws, the prevailing direct actionarea of doubt, it hasn’t answered all the questions though, was therefore not possible and therefore dismissed.Thisfor example, does ongoing sunset coverage have to be on decision was later upheld by the Antwerp Court of Appeal.the same terms & conditions as expiry? The outcome; if a Belgian victim cannot rely on Belgian law for its liability claim against a party who is insured under a foreign indemnity insurance contract governed by foreign law, and if that law does not provide for a direct action system, the direct action against the foreign insurer will not be allowed, even by a Belgian court. 09
SPAIN The case in CataloniaInsuring Financial Accounting Liabilities of On 9 November 2014, there was an illegal referendumpublic officials and a claim in Catalonia for in Catalonia, organised directly by the government of theexpenses derived from the call of an illegal Autonomous Community. It was deemed illegal, as theirreferendum. authority had been previously suspended by the Spanish Constitutional Court on the understanding that theIn Spain it is common for public service organisations to Autonomous Community had no jurisdiction.take out insurance to cover the professional liabilities ofthose individuals working for them. One area however that Prior to its conclusion, the President of the Communityis often overlooked is for financial accounting liability. and other high-ranking officials disposed of public funds by incurring various expenses related to organising theFinancial Liability Accounting derives from the statutory referendum, diverting them from budget items initiallyreporting of accounts by those overseeing public funds. assigned by the State.Unlike other areas governed by the Civil Code, theprevailing legal regime is through the Court of Auditors. It Specifically, public funds were used for the construction andcannot therefore be considered a civil liability within the publication of a website, the manufacture and transportingscope of coverage of standard professional liability policies. of materials to be used in the voting premises, the acquisition of laptops to be used at polling stations andThe Court of Auditors is autonomous and independent other public centres, an advertising campaign, the purchaseof civil and criminal jurisdictions, and as such is therefore of an insurance policy for volunteers who participated infully appraised of all matters concerning the management the unconstitutional process, consultancy, and the costs ofof public funds; including negligence, gross or otherwise, sending information.mismanagement, fraud and the like. It will be fully aware ofany resulting reduction in said funds, contrary to budgetary These expenses totalled 5.2 million Euros, which wereor accounting laws, extending to those benefiting from considered to constitute a financial accounting liability sincesubsidies, credits, guarantees or other aids provided. they lacked the necessary legal authority.This made it an arbitrary use of public funds, which resulted in the Court ofCurrently this risk is covered by policies known as Auditors commencing the necessary claim process againstInsurance on the Liability of Authorities and Personnel of the political decision-makers, claiming reimbursement.the Public Administration.There are five insurers that offerthis in a contract form similar to a D&O policy, but with The insurance coverage bought included “the economicspecific sections covering acts, errors and omissions in the consequences derived from any patrimonial and civilcontext of public administration. liability”, but did not cover financial accounting liabilities specifically, so the cause of loss and damages from it fell outside its coverage.This ultimately led to the rejection of the claim, which was widely reported by the Spanish press. The results being that this and other important incidents have raised the profile of and served to highlight the importance of covering this specific risk and perhaps more importantly, the conduct of public officials managing public funds.10 Global Insurance Law Connect Seminar Series
UK A case in pointUnder the spotlight: Tax avoidance schemes It was alleged that the accountant had failed to explain theand the professional adviser implications of the Corporation Taxes Act 2009. Damages were claimed on the basis that if appropriate adviceAs the British Government continues its clampdown on had been given, the Claimant would have carried out atax avoidance, there are lessons to be learned from claims restructuring scheme to avoid the tax consequences ofagainst professionals arising from tax schemes. the legislation.Duty Baker Tilly accepted that they should have advised the Claimant about the effect of the legislation in 2009, butWhen facing tax avoidance claims, referring accountants argued that the Claimant would not have been able to(or IFAs) often argue that they were not retained to advise restructure and that in any event the scheme would havein relation to the scheme, but were merely “introducing” been successfully challenged by HMRC.clients to the provider. Some professionals will haveengagement terms which limit the scope of the retainer, The Court held that the Claimant needed to show that, butbut if the terms of the contract are unclear, the courts will for the breach, it would have implemented the structure.look at the course of conduct leading up to the investment, The claim failed at that hurdle as Baker Tilly were able toin order to assess whether the professional assumed show that if Altus had been fully advised they would haveresponsibility for providing advice on the Claimant’s tax consulted PwC, who would not have come up with themitigation options. alternative proposal. Notwithstanding that finding, in case it was wrong, the court went on to calculate damages on aGenerally, if they are found to owe a duty to advise, loss of chance basis and applied two percentage discountsprofessionals are expected to: provide the client with to reflect the prospects of any HMRC challenge succeeding,a range of tax mitigation options; carry out some due which would, if damages had been awarded, have reduceddiligence on the scheme and the provider; spell out the risk the value of the claim by 30%.of a HMRC enquiry into the scheme and explain the likelyfinancial consequences of any successful challenge. Limitation PeriodsIf the advice provided is found to be lacking, we have found It is well established law that the primary six year limitationthat it is sometimes better to focus on causation, quantum period in tax cases commences when the scheme isand limitation arguments. These are key issues in tax invested in, or when an interest in a trust is acquired.Asscheme cases. Defence arguments supported by evidence many of the investments were made more than six yearsfrom a forensic accountant can often dramatically reduce ago, Claimants will often concede at the outset that theythe value of any settlement or provide a full defence to are relying on s14A of the Limitation Act 1980, whichthe claim. provides a three year limitation period from the Claimant’s date of knowledge.Sometimes, Claimants will seek to claim for the tax (whichis usually by far the largest head of loss) as they claim they There has recently been a very helpful decision on s14Awould have avoided paying it by using another scheme or and its application in tax avoidance claims: Halsall & Ors varrangement. It is often the case, certainly in pre-action Champion Consulting Limited & Ors [2017].correspondence, that Claimants intentionally fail to provideany detail of what they would have done differently. It is The Claimants were solicitors who claimed they had beenessential to press for that detail at an early stage - certainly negligently advised in relation to two tax avoidance schemes.well in advance of any resolution of the claim. The judge found that Champion had failed to advise of the risk that the scheme would be challenged and had given theThe use of forensic accountants can be invaluable in Claimants a 100% assurance that their tax liability wouldunravelling any suggested alternative mitigation options. be reduced. Notwithstanding the clear breach, the claimOften as not the argument in relation to the alternative failed as proceedings had been issued outside of the threescheme unravels as it may be structurally difficult to year period allowed by s14A.The date of knowledge wasimplement the arrangement in time, unattractive to considered to be the point at which the Claimants becamethe Claimant from a global business perspective, or aware that HMRC were investigating and challenging thethe arrangement itself may well be successfully challenged scheme, as by that point, the Claimants knew that the claimby HMRC. no longer had a 100% chance of success.This was the case in Altus Group (UK) Limited v Baker Tilly[2015] and was also an important issue in the first instancedecision in Mehjoo v Harben Barker [2014]. 11
USA Data Breach Notification LawsPrivacy and data breach issues: How Uber and In March of 2018 Alabama became the 50th state to enactFacebook will provide examples of potential data breach notification law.These types of state lawslitigation require companies to maintain reasonable security measures to protect sensitive personally identifying informationAs time passes we are seeing increasing numbers of data against a breach of security.These statutes typically havebreaches and privacy violations by high profile companies: a notice requirement when it is anticipated that there is aYahoo, Equifax, Uber and Facebook to name but a few. Given potential harm to the individuals impacted by the breach.the high volumes of customer data held, these incidents can Alabama requires that notice be provided as expeditiouslyresult in a whole variety of lawsuits. Claims can come from as possible, and not later than 45 days after notice of theshareholders, customers/users, regulators and multiple State breach. In the cases of Facebook and Uber State,AttorneyAttorney Generals, to name but a few, and the effects on Generals from multiple states have initiated investigationsthe company can be material, both reputationally and then and sent letters, seeking information about protection offinancially as short-term confidence falters. user information as well as information related to the notice of the incidents.Standing and Damages In February 2018 the US Securities and ExchangeStanding and damages must be considered. Courts differ on Commission (“SEC”) issued guidance to assist publicwhat constitutes injury sufficient to establish standing. Some companies in preparing disclosures about cybersecuritycourts require that claimant must have sustained some type risks and incidents. Public companies must report “material”of “Injury in Fact,” not something merely conjectural or events to their shareholders.The SEC Guidance emphasiseshypothetical.Whilst others have held that the possibility of the importance of companies implementing policies,injury is sufficient to establish standing. In those instances, practices and procedures requiring that informationan increased risk of identity theft was sufficient to in fact regarding important cyber risks and incidents be reportedconstitute injury. up the chain to senior management.The required executive certifications include the design and effectiveness ofFor claims asserted by users, companies have responded cyber-related disclosures and procedures.The SECby offering credit monitoring and if applicable credit card Guidance also warns that corporate insiders should notreplacements.This has generally proven sufficient to address sell shares of stock after a data breach that could influencethe damages experienced by most individuals.As a result, if a the stock price.class action is brought, damages should be minimal.Shareholder actions however must demonstrate afinancial impact on the stock purchase price.When Yahooexperienced a data breach, there was a pending sale toVerizon.As a result of the data breach, the purchase pricewas reduced by $350 million USD.This situation constitutedspecific and identifiable damages. Sadly, other situations maynot be as easily determined. Contact: Julian Smart Partner at BLM T: +44 121 633 6620 E: [email protected] Global Insurance Law Connect Seminar Series
SEMINAR 3:HIGH PRIORITY LEGAL AREAS FORDIRECTORS AND OFFICERSLike the one before, this session posed thequestions of high priority legal issues to anumber of our international partners to answer,and this is what they shared. 13
UK ITALYAt the highest level there are a number of macroeconomic In Italy Directors and Officers have a duty to act in anfactors affecting our economy; Brexit, the new balance of informed manner; making decisions based upon gatheringpolitical power following the 2017 General Election, a rise in all necessary information, to then act diligently wheninflation with an increase in interest rates, the potential of a implementing, establishing the general management practiceslooming consumer debt crisis and perhaps not unexpectedly of their company and to ensure proper fiscal control. Fromgiven all this, a slowing in the housing market. an insurance perspective the policies will generally cover Directors, Members of the Board of Internal Auditors andWe recently undertook a broker survey which investigated Managers. From a technical aspect all polices are on a claimsthe key risks brokers consider face UK businesses and more made basis.directly their Directors and Officer insureds. Perhaps nosurprises in the top three results with 85% of those asked With the inclusion of internal auditor boards, it is worthsaying that data breaches/threats concern them, followed a few comments about what their responsibilities are.by 56% concerned about Brexit and the political instability They have a duty to supervise prevailing law and corporatesurrounding it, whilst the third ranked risk saw 43% identify by-laws, to ensure proper structures exist in the areasregulatory investigations and the threat of subsequent of business organisation, administration and accountingprosecutions as their key worry. procedures, to advise the company’s board(s) and to report on the financial statements made by the company.As an aside to the main statistics, it became clear from the Interestingly they are jointly liable with the Directors andsurvey that there is still a poor perception of the D&O risks can be held liable individually or as a board.facing those running SME businesses, reflected in a poortake up of insurance protections afforded by the class. Current issues show that there is a lack of consistency in decisions by Tribunals about the actions of Directors; onWith such a high perceived key risk as data breaches and occasions they are being found liable for what could best bewith regulation figuring, it should come as no surprise that described as discretional business decisions. Deploying thecyber threats and the impact of GDPR are very much top of right lawyer is therefore vital.Actions involving insolvenciesmind.We covered GDPR in detail at another session, which and receivers are becoming an issue, where the systematiccan be found here (link to the GDPR section), but suffice filing of actions are being made in an effort to increase theto say -that every Director and Officer needs to be fully amount of money available to creditors. Several insolvenciesappraised of the GDPR’s basic principles and understand amongst banks and other financial institutions have gainedwhere their personal liabilities lie, not just at a regulatory wide media coverage, increasing the pressure on thelevel, but also their wider civil and criminal exposures. companies’ Directors and Officers.Other areas to flag are a significant increase in workplace Looking forward, insolvency laws are being reformed whichregulation and the likelihood of more contested proceedings will affect the stage at which claims might be made. Moregiven the increased likelihood of custodial sentences generally, up until now there has been a narrow scopeeven for those offences of a lower culpability. It is also for class actions with Tribunals being cautious in allowingpertinent that this year marks the 25th anniversary of the them. Pressure is growing locally and via the EU as to theirUK Corporate Governance Code which has been a timely effectiveness, which, depending upon the outcome, couldreminder for businesses to drive good board practices lead to a significant increase in claims against Directors’around leadership, effectiveness and accountability. and Officers; an increase which will only add to that already being seen of raising awareness amongst a wider range ofOne final thought to share; there has been an equally businesses, especially SMEs.Align this to issues like GDPRsignificant rise in corporate prosecutions, with record type risks and this will be set to continue.That said, therepenalties and fines being imposed and a sharp focus upon is a long way to go to overcome an attitude within Italythe personal responsibilities of Directors. Now is not where too many businesses still consider that buyingthe time for businesses to ignore thinking about the risks protection is necessaryconfronting them and the insurance protections they buy14 Global Insurance Law Connect Seminar Series
BRAZIL D&O insurance products in India offer a wide variety of coverage including risks arising from civil or criminalBefore our Civil Code was enacted in 2002, civil liabilities proceedings, any investigation or regulatory proceedingsreally depended upon proof that a loss occurred, and that initiated against a director, public relation expenses andmalice or fault could be attributed.This meant that D&O employment practices claims.coverages were generally limited as malice and serious faultwere generally excluded. Since the 2002 civil liabilities may Lately, India has seen a considerable rise in the demand forarise from the financial activities carried out by a business. D&O liability policies. Rigorous regulatory environment,Also, that “objective liabilities”; such as labour accidents, complex listing requirements and an increase in legal costsconsumer issues, environmental risks and the like were have significantly contributed to this increase. Particularly,recognised by Brazilian courts.Two outcomes from this companies planning mergers and acquisitions (M&A) orwere that more diverse coverages were developed including raising capital through the private equity route or an Initialthose to protect both the businesses and their Directors Public Offering (IPO) are showing interest in D&O policies.and Officers. With this growing trend and the increasing awareness of mitigating risks, it is expected that in the near future IndiaThe market continues to evolve. Part of this saw SUSEP will see an increase in the number of D&O claims.(Brazil’s Superintendent engaged in the modernisation ofsupervisory and regulatory procedures) recently change The rapidly changing regulatory environment, stricterexisting rules governing D&O insurance that were making duties and liabilities of the directors and officers and globalit intrusive, overly detailed and inefficient. Now such rules exposures being faced by Indian companies is the newhave been removed its development can move ahead a corporate norm, which Indian corporates can no longerlot quicker. afford to ignore.The attitude to compliance and risk has significantly changed over the years and with more robustDue to the regulations surrounding how (re)insurance enforcement, D&O insurance will only grow. In light ofis conducted in Brazil, with rights of local carrier refusal, the evolving nature of risk, particularly in areas such asconstructing global insurance programmes has always cyber insurance, underwriters and regulators will needbeen a challenge.When allied to stringent anti-corruption to acknowledge and identify newer challenges and worklaws and foreign exchange rules, affecting local businesses together to ensure that legitimate actions of directors andand multinationals in equal measure, these problems are officers are adequately and sufficiently protected.magnified.Attempts have been made to create policy formsthat can accommodate these requirements, but on thewhole, they have not offered a solution.This major barriermay be lifting however with new rules surrounding theacceptance of foreign risks being discussed.INDIA Contact:In India, with the recent changes in law, there is an Alex Traillincreased effort to improve upon corporate governance. Partner at BLMThe Companies Act 2013 has a comprehensive regime forestablishing liability of a company’s directors and officers. T: +44 20 7865 8054For instance, under this act, the fiduciary duties of a director E: [email protected] a company have been clearly laid down, such as the dutyto act in good faith in order to promote the objects of thecompany, for the benefit of its members. On violation of anyof the duties prescribed, directors can be jointly or severallyheld liable and such liability can be civil or criminal.With the statutory recognition of fiduciary duties, it isexpected that Indian courts will see derivative actions beingbrought against the directors by shareholders and affectedparties. In a recent case, a derivative action was broughtagainst a director of a company by a shareholder for breachof fiduciary duties and the court ordered the director topay the undue gains realised as a result of breach of hisduties to the company. Furthermore, under the relativelynew Insolvency and Bankruptcy Code, 2016 directors maybe held liable for any business that has been carried onwith the intent to defraud creditors, not disclosing to theresolution professional all the property of the corporatedebtor etc. It will be interesting to see how risks arisingfrom such provisions are incorporated in the D&OPolicies in India. 15
Search
Read the Text Version
- 1 - 16
Pages:
