Directors and officers (D&O) insurance liability coverage terms continue to evolve in ways that can be important to directors and officers when lawsuits or investigations against them arise. In his 2022 speech “Reining in Repeat Offenders” at the Distinguished Lecture on Regulation at the University of Pennsylvania Law School, Director Rohit Chopra of the Consumer Financial Protection Bureau (CFPB) stated that “[a]chieving general deterrence is an important goal for the CFPB” and “the role of individual liability cannot be discounted.” To that end, the CFPB recently proposed an enforcement order registry that would, among other things, require certain larger participant nonbanks subject to the CFPB’s supervisory authority to designate a senior executive who is responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the registry to attest regarding compliance with covered orders and submit an annual written statement attesting to the steps taken to oversee the activities subject to the applicable order for the preceding calendar year and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.
It is not surprising that one of the major questions that has arisen about D&O insurance is the extent of coverage for regulatory enforcement actions. Other questions arise in interpreting the scope of exclusions for D&O insurance coverage, such as a pending and prior claim, the performance of professional services, invasion of privacy (and whether data breaches are covered), and fraud. These terms can be particularly important for directors and officers in the heavily regulated financial services industry.
Fortunately, in the midst of decreasing premiums and a very competitive insurance market, new and broader coverage features have appeared as carriers try to distinguish themselves. Corporations and financial institutions need to understand both the coverage options and the negotiable terms, particularly in this buyer’s market. After all, no one wants to try and explain to senior management or a board of directors facing a claim why their D&O insurance policy does not cover the claim when available standard-in-the-industry policies typically would.
Are regulatory enforcement actions included in coverage terms?
Responding to inquiries from agencies such as the CFPB, Securities Exchange Commission (SEC), Department of Justice, state attorneys general, and federal and state banking agencies can be disruptive and expensive. As a threshold matter it is important to understand the extent of D&O insurance coverage, including the kind of inquiry that triggers coverage under a D&O insurance policy. The first step is to make sure you understand which regulators are covered when there is an inquiry or enforcement action. Some policies limit coverage to the SEC or certain banking agencies. This may raise coverage issues if, for example, the CFPB (which is not strictly a banking agency) comes calling. Better language is for a policy to cover claims from any federal or state agency.
Do D&O policies cover costs incurred in responding to informal inquiries?
For example, while some policies might cover an informal document request and employee interviews by a government agency, other policies might not. Also, while many policies now offer some coverage of a formal government agency civil investigative demand (CID) or subpoena to a company, the specific scenarios in which a CID or subpoena is covered can vary between policies, and there are often add-on coverage terms that a company can request upon renewal that will cover more scenarios in which such a subpoena might arise.
When facing an ongoing government investigation, what is a “claim” that will trigger preclusion of D&O insurance coverage under an excess policy’s “pending and prior claim” exclusion?
In a case out of the Southern District of New York, the policy language provided that the excess policy did not apply to “any amounts incurred by the Insureds on account of any claim or other matter based upon, arising out of or attributable to any demand, suit or other proceeding pending or order, decree, judgment or adjudication entered against any Insured on or prior to July 31, 2011.”1 The court ruled that the parties had agreed to exclude from the excess policy coverage any claim as defined in the language of the primary policy.
Unfortunately for the insured company, the court also ruled that an ongoing SEC investigation, even though it was not being covered by any insurance policy, was a claim as defined under the primary policy and thus was subject to the pending and prior claim exclusion of the excess policy. This case emphasizes the importance of clarifying definitions of a claim within the relevant policies. It also highlights the importance of understanding and potentially negotiating the use of prior and pending litigation exclusions in excess policies, which are becoming a more common practice.
What are some considerations for losses arising out of the performance of professional services?
Exclusions in D&O insurance policies for loss arising out of the performance of professional services are typically in place to keep claims covered by a company’s errors and omissions (E&O) insurance out of D&O coverage, but they can create issues when a director or officer who also provides services is sued in their capacity as a director or officer for consequences of their services. Recent court decisions raise some important considerations for these kinds of exclusions.
In Stettin v. National Union Fire Insurance Co. of Pittsburgh, PA,2 the Eleventh Circuit held that a bank’s D&O insurance policy’s professional services exclusion precluded coverage for all insureds, not just those delivering the services. The exclusion in the case provided that the insurer would not be liable for claims “made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others.…” The court held that the phrase “any Insured” made the insurer’s obligations jointly held, which prohibited recovery from any insured.
However, the policy at issue in this case did not have a severability provision. The court’s opinion suggests that a professional services exclusion in a policy with a severability provision would preclude coverage only for those who actually performed the professional services, so this is something that companies should confirm is in their policies upon renewal.
Another consideration is the broad language that was used in the clause in this case—it uses words like “arising out of,” “based upon,” or “attributable to” the professional services provided. These words could potentially threaten any and all coverage under the policy, depending on the nature of the business. Companies should consider narrowing the exclusion in the professional services context to ensure that the clause serves its purpose and does not preclude too much coverage. For example, companies should request language that states that the exclusion applies only “for” professional services instead of “arising out of” or “based upon” professional services.
Another issue involving professional services exclusions, particularly for banks, are fee cases. Overdraft fees, as well as a lot of other fees, including junk fees, have been a focus of regulators. A case from the Seventh Circuit considered the question of insurance coverage for a bank’s obligation to repay overdraft fees.3 In this case, a bank customer filed suit against the bank, seeking relief from “unfair and unconscionable assessment and collection of excessive overdraft fees.” The bank filed suit against its insurer for refusing to pay defense costs in the lawsuit.
The policy at issue had a duty-to-defend clause under which the insurer agreed to pay for claims “for a Wrongful Act committed by an Insured or any person for whose acts the Insured is legally liable while performing Professional Services, including failure to perform Professional Services.” In an arguably contradictory clause, however, the policy also had an exclusion “for Loss on account of any Claim … arising from … any fees or charges.” The court affirmed the denial of the companies’ entitlement to payment for defense costs, ruling that the fees exclusion absolved the carrier of an obligation to pay such costs. Cases like these reinforce the importance of making sure the language in D&O insurance policies provides unambiguous defense-costs coverage for these kinds of fee cases.
Many carriers will, upon request, significantly narrow or even remove some exclusions like the professional services exclusion. Therefore, it is important to be aware of the potential consequences of the language surrounding the exclusion and be prepared to negotiate with the insurer as needed.
How does a D&O insurance policy exclusion for invasion of privacy impact cyber breaches?
It is not uncommon for D&O insurance policies to have clauses that exclude claims based on invasion of privacy. Recent case developments suggest that, based on these kinds of clauses, coverage may not be available in claims against directors and officers in cyber breaches.
The Ninth Circuit affirmed a holding that the Los Angeles Lakers were not entitled to D&O insurance coverage for allegations that the team violated the Telephone Consumer Protection Act (TCPA).4 The court held that “because a [TCPA] claim is inherently an invasion of privacy claim, [the insurer] correctly concluded that the underlying [TCPA] claims fell under the Policy’s broad exclusionary clause.”
This decision could affect coverage of cyber-liability claims involving cybersecurity and data privacy, which are becoming increasingly common and which often touch on invasion of privacy issues. Companies may want to consider negotiating with insurers to obtain an exception in their existing exclusionary clauses, an add-on to the traditional policy, or a separate, cyber-specific product that would cover those privacy claims.
What is “final” for purposes of a D&O insurance policy’s fraud exclusion?
It is not uncommon for D&O insurance policies to have fraud exclusions, which often provide that the exclusion is only triggered after a “final” judicial determination that the excluded conduct has occurred. However, the issue of what a “final” determination is can affect the extent to which the insurer is willing to continue to offer coverage for a claim.
Companies should look for fraud exclusions in their D&O insurance policies that refer to a “final, non-appealable adjudication,” not simply a “final judgment.” In a New York state case,5 after a former CEO was sentenced for the commission of various fraud crimes, he filed an appeal of his convictions. While the appeal was still pending, however, his D&O insurer asked to be relieved of its obligation to defend the plaintiff because the fraud exclusion in its policy was triggered upon a “final judgment against its insured.”
The former CEO filed suit against his insurer, but the New York Supreme Court, Appellate Division, First Department affirmed the trial court’s ruling that the insurer was no longer obligated to pay his defense. The court held that the imposition of the criminal sentence was a “final judgment,” which appropriately triggered the fraud exclusion in the policy. The court explained that even if an appeal is successful, “the finality of [the sentence] is not changed.” Needless to say, without insurance paying for the defense, a director/officer is dramatically constrained in the ability to mount an effective defense on appeal.
This case shows how important it is that a D&O insurance policy’s fraud exclusion uses the language “final, non-appealable adjudication” instead of language like “final judgment,” or even “final adjudication.” Insured entities should seek fraud exclusion language that ensures they are defended until all appeals have been exhausted.
Defense Costs: Duty to Defend v. Duty to Indemnify
Finally, a company needs to consider whether it wants to have primary control over the defense of a covered claim or wants the insurer to have primary control. An advantage of having the insurer control the defense—a “duty to defend” policy—is that the coverage requirements can be a bit more broad in many states. The main advantage of the company having primary control of the defense in a so-called “duty to indemnify” policy is that the company gets wider latitude in choosing lawyers that it trusts and knows to have the appropriate experience to handle the matter, even if those lawyers’ rates are higher than the rates of lawyers the insurer might choose. Under either of these arrangements, the carrier would pay covered defense costs.
Conclusion
As D&O insurance liability coverage terms change and adapt to industry trends, they become an increasingly important consideration when directors and officers find themselves facing lawsuits or investigations. While complex, many of the terms and features of coverage can be negotiated with D&O insurance providers. Companies should consider reaching out to insurance brokers and attorneys who specialize in D&O insurance in the financial services industry to assist them in this process.
2 861 F.3d 1335 (11th Cir. 2017).
4 Los Angeles Lakers Inc. v. Federal Insurance Co., No. 15-55777 (9th Cir. Aug. 23, 2017).
5 Dupree v. Scottsdale Insurance Co., 129 A.D.3d 586 (2015).