Q3 2023 FINPRO Management Liability: Need to Know

Every quarter, our management liability team provides noteworthy trends and emerging issues to help US-based companies make decisions to manage their risks. We will cover topics related to directors and officers (D&O) liability, employment practices/wage & hour liability, and fiduciary liability risks and share insights on building an effective, customized insurance program that is fit for an evolving risk landscape.

Our Q3 2023 issue focuses on:

  • D&O updates surrounding the broadening personal liability risk landscape, the SEC’s cybersecurity disclosure rules, and the challenges facing both pro- and anti-ESG related claims.
  • Potential implications in the employment practice liability space following SCOTUS ending affirmative action in college admissions, and ruling in favor of refusal of expressive services on religious beliefs.
  • The impact of the June 2023 MOVEit cyber breach and the significance of settlements related to the Consolidated Omnibus Budget Reconciliation Act (COBRA) on fiduciary insurance.

D&O Liability

Broadening personal liability risk landscape encourages expanded and innovative insurance solutions

Directors and officers of public companies continue to face myriad risks, with their personal assets increasingly being exposed to litigation or regulatory action. To mitigate these risks, executives should consider ways to expand personal asset protection. These efforts may shield executives from paying out of pocket, and can also help attract new talent by providing the peace of mind that personal assets will be as secure as possible.

In most circumstances, executives look first to the indemnity protection offered to them by their companies, rather than the directors and officers liability (D&O) insurance policy that backs up the company’s balance sheet. But, directors and officers must keep in mind that not all exposures they face will be indemnified by the company. For example, unlike claims under the 1933 Securities Act or 1934 Securities Exchange Act, settlements resulting from shareholder derivative actions — which have emerged as a significant exposure for directors and officers in recent years — may not be fully indemnifiable absent some exceptions.

Specifically, companies are generally permitted to indemnify directors and officers for the cost of defending themselves in a shareholder derivative action, but many states prohibit indemnifying for resulting settlements. As a result, executives must look to Side A D&O insurance to cover this exposure where indemnity is not available.

It is important to note that the severity associated with derivative actions has increased in recent years, and we have seen some historically large settlements. This is, in part, due to the so-called resurgence in claims that directors or officers breached their oversight duties to a company by failing to monitor a mission-critical risk.

In addition to assessing whether an organization is buying sufficient Side A limits, executives should consider a range of options. First, if they are independent, directors may look at purchasing independent director liability Side A coverage. Second, directors may consider an enhancement — such as Marsh’s Side A+ Flip coverage — that provides multiple layers of additional Side A difference in conditions (DIC) capacity at no additional cost.

Third, because claims-handling may be cumbersome for an individual facing personal asset exposure, directors may consider an option such as the Bermuda SAFe policy form. This form, a proprietary Marsh product, streamlines the coverage and simplifies the claims-handling by allowing only a single carrier to make coverage determinations.

In addition to derivative claims, the SEC’s Dodd-Frank compensation clawback rule will go into effect on December 1, 2023. This rule, adopted in October 2022, requires the return of executive compensation based on financial metrics that were later determined to be inaccurate. An executive need not be at fault, or even aware of, any such erroneous financial metrics to be subject to this clawback. Bowring Marsh (Bermuda) has worked with various carriers in Bermuda to develop solutions for this exposure.

Personal asset risks are the most critical aspect of a D&O program, and individual executives should ensure that their companies are up to date on the most cutting-edge solutions.

SEC’s cybersecurity disclosure rules lead to heightened reporting burden

Following an extended review process, in July, the SEC adopted final rules for cybersecurity disclosures required of publicly-traded companies in the US. The rules were adopted in substantially the proposed form, with some exceptions.

Perhaps the most significant aspect of the new rules is the requirement that a company report cyber incidents to investors within four days of determining that the incident would have a material impact on the organization. The determination of whether a cyber incident is, in fact, material must be made “without unreasonable delay.”

Companies must also disclose elements of their cyber incident management practices as part of the new disclosures. The only exception to the four-day requirement is if the US Attorney General determines that disclosure would present a threat to national security.

The SEC acknowledged that a large number of comments submitted during the review period were critical of the four-day time requirement and proposed a longer one. Ultimately, the SEC did not change that requirement.

The SEC did, however, decline to adopt initial proposals regarding reporting on aggregated cyber matters and reporting on the cyber expertise of individual board members.

As a result of these new rules, companies will need to be even more mindful of their cybersecurity frameworks and, specifically, how matters are analyzed and communicated to investors. While cyber incidents have drawn shareholder lawsuits in recent years, the new rules may also provide a more concrete blueprint for the plaintiffs’ bar. For example, it is likely that companies will receive more books and records requests following a cyber breach event seeking communications on the timing of the newly required materiality determination. Plaintiffs’ lawyers may seek to accuse a company of failing to act “without unreasonable delay” in determining whether an event is material to investors.

Companies should be prepared to offer details to D&O underwriters about how they plan to implement these rules in order to mitigate insurer concern that they are vulnerable to claims of non-compliance.

Both pro- and anti-ESG related claims facing challenges

Environmental, social, and governance (ESG) issues have resulted in litigation against a number of companies, along with other investor challenges and demands. With claims by both those that favor ESG and those that oppose it, companies face uncertainty on the best approach to these issues. While many cases remain outstanding, some recent decisions show that the plaintiffs’ bar may face an uphill battle.

Overall, courts in the US and elsewhere have voiced a degree of reluctance to second guess board and management decisions about communicating on ESG matters. For instance, a court rejected a request by a stockholder of a major entertainment conglomerate to compel the company to produce books and records relating to the board’s decisions to comment on a matter of public policy in Florida — which resulted in a public spat with the state’s governor. According to the court, a seeker of books and records must have a “proper purpose.” Here, the ruling stated, the company’s commentary on the Florida law was motivated by an effort to maintain a “positive relationship with employees and creative partners,” adding that this was crucial to the company’s success. And, the opinion noted, the commentary “did not come at the expense of shareholders.”

Similarly, a court threw out a claim against a consumer goods company accusing executives of a delay in telling investors about a decision by one of its subsidiaries to cease sales in parts of the Palestinian territories. In dismissing the securities fraud class action, the court held that the plaintiffs did not allege any “conscious misbehavior or recklessness” in delaying the message on the subsidiary’s resolution. This case shows the high bar that investors must reach to make a viable claim of securities fraud.

Finally, outside of the US, the High Court of England and Wales tossed out a shareholder derivative action accusing an oil and gas company of failing to prepare for the global fossil fuel energy transition. According to the lawsuit, the company’s board was not sufficiently preparing for its commitment to net zero carbon emissions by 2050. In rejecting these claims, the UK high court found that the plaintiffs did not have a viable case due to large businesses needing to “take into account a range of competing considerations.”

Confronting ESG- and climate-related matters is unavoidable for companies, and more regulatory rulemaking is on the horizon. As a result, underwriters are focused on companies’ ESG initiatives and strategies because of the risk of both shareholder litigation and regulatory enforcement. This means it is critically important to be familiar with how courts are viewing these issues when negotiating renewal terms with D&O underwriters.


Employment Practices/Wage & Hour Liability

Potential implications for employers’ diversity programs after SCOTUS ends affirmative action in college admissions

On June 29, 2023, in a 6-3 decision, SCOTUS held that the use of race in the admissions programs of a private and a public college violates both the equal protection clause and Title VI of the Civil Rights Act of 1964.

What could this decision mean for private employers? The decision arises in the context of Title VI of the Civil Rights Act and the Fourteenth Amendment. The Fourteenth Amendment does not apply to private employers and Title VII, not Title VI, covers employment. This has led several law firms to opine that the decision does not have an immediate impact on the legal standards that govern affirmative action and diversity-focused initiatives in private employment. Furthermore, following the decision, Equal Employment Opportunity Commission Chair Charlotte A. Burrows said in a statement that the opinion “does not address employer efforts to foster diverse and inclusive workforces…[i]t remains lawful for employers to implement diversity, equity, inclusion, and accessibility programs that seek to ensure workers of all backgrounds are afforded equal opportunity in the workplace.”

Nevertheless, Justice Gorsuch, in his concurrence, discussed the implications in the workplace, noting the resemblances between Title VI and Title VII. He specifically notes, “that everything said here about the meaning of Title VI tracks this Court’s precedent in Bostock interpreting materially identical language in Title VII.”

Thus, while the legal framework for employers has not changed, we expect heightened scrutiny and more challenges to employers’ diversity, equity, and inclusion (DE&I) initiatives. In fact, in a July 13, 2023 letter, Attorneys General of 13 states warned the CEOs of Fortune 100 companies about potential legal consequences over race-based employment diversity policies. Companies may also see challenges from shareholders who oppose DE&I and other corporate social responsibility efforts.

Regardless of the potential implications, employment practices policies (EPL) provide broad coverage for wrongful employment practices, including discrimination and wrongful termination. Another consideration is who is bringing the claim. EPL coverage often requires that a claim be brought by a person that has been aggrieved by the alleged actions, such as an employee or an applicant for employment. This case was brought by an organization.

We expect markets to continue asking questions regarding employers’ DE&I initiatives, such as whether the company has diversity goals, whether the company requires implicit bias training, and whether the company actively supports workplace diversity.

A unanimous SCOTUS “clarifies” undue hardship standard in religious accommodations

In a June 2023 decision, SCOTUS “clarified” the standard that employers must satisfy to show that granting a religious accommodation would create “undue hardship” to their business. The Court’s unanimous decision was that “Title VII requires an employer that denies a religious accommodation to show that the burden of granting an accommodation would result in substantial increased costs in relation to the conduct of its particular business.”

The Supreme Court’s decision did not expressly overrule one from 1977. Instead, SCOTUS eliminated a widely-used interpretation of the 1977 decision by lower courts that “undue hardship” means any accommodation for which the employer must bear more than a “de minimis” cost and clarified the correct standard for analyzing the undue hardship defense.

SCOTUS did not decide the facts of the case. Rather, the court sent the case back to the district court to analyze under the clarified standard. Thus, employers must now use the heightened standard established by the recent case when deciding religious accommodation requests.

The general thought from attorneys is that courts have been eating away at the application of the de minimis standard for several years. Thus, while attorneys do not generally see the recent SCOTUS opinion as materially changing the legal landscape for employers, it remains important for employers to keep an eye on any developments.

SCOTUS rules in favor of refusal of expressive services on religious beliefs

On June 30, 2023, in a 6-3 decision, SCOTUS ruled that, “[t]he First Amendment prohibits Colorado from forcing a website designer to create expressive designs speaking messages with which the designer disagrees.” SCOTUS held that the website qualifies as the designer’s own pure speech, which the government may not compel.

Although the decision is not an employment case, it may have implications for employers whose businesses are considered places of public accommodation and third-party discrimination claims.

The Supreme Court’s decision does not alter the fact that employees cannot bring First Amendment claims against private employers. Employers preserve the right to prohibit discrimination and harassment in the workplace and maintain policies ensuring a welcoming environment. Importantly, employers may continue disciplining employees who engage in discrimination or harassment.

Fiduciary Liability

ERISA cyber liability

Cyber liability has become a significant challenge for fiduciary plans. Over the last few years, a handful of single plaintiff actions have been brought against plan sponsors alleging breach of fiduciary duty related to cyber events. The majority of these cases revolved around an individual participant’s funds being stolen through social engineering methods while they were in the care of the record keeper. Since 2021, the Department of Labor has instituted cyber questions as part of its audits related to the Employee Retirement Income Security Act (ERISA).

The June 2023 MOVEit cyber breach impacted some of the largest investment management and record-keeping firms. Some of these companies are facing class-action lawsuits alleging failure of the record-holder to secure personal information of plan participants. It is still unclear whether the plan sponsors will be brought into these suits considering their duty under ERISA to vet the security of vendors before entrusting them with participant data or funds.

This case is likely to trigger more questions from fiduciary insurance underwriters related to plan sponsors’ cyber controls. We expect underwriters’ questions to focus mainly on plan sponsors’ process for vetting cybersecurity vendors before entrusting them with data and funds.

COBRA continues to bite

This summer, there were significant settlements related to the Consolidated Omnibus Budget Reconciliation Act (COBRA). A large financial institution settled with 50,000 claimants for $1 million. The action, brought in 2022, revolved around misleading threats in notification letters to former employees going back to 2018. Plaintiffs’ attorneys in the case can petition for up to 30% of the settlement in attorney costs.

In July, one of the world’s largest retailers settled a COBRA suit for an undisclosed amount a few days before the case was set to go to trial. In this case, the plaintiffs had alleged that the notice included “threatening language” that intimidated employees into not enrolling in COBRA.

With the official end of the COVID-19 national emergency, COBRA extension periods and election times changed again this July. The regulations around which period applies may be confusing, which could lead to more alleged errors by sponsors.

This August, an Illinois judge dismissed some of the counts against a large drug store chain but is allowing the COBRA case against them to move forward. This suit, filed in March, relates to acts that took place in 2020. The court dismissed the claim that providing two separate notices about the election period was confusing. The court also dismissed allegations that the election period that qualified during the COVID-19 national emergency period was incorrect. The company had filed various motions attempting to dismiss the case, stating that they had adequately complied with COBRA regulations. Since this is not the first COBRA-related case the company has faced, employees have alleged that this is an ongoing attempt to avoid the costs of COBRA by dissuading enrollment.

Companies can face COBRA penalties up to $100 per day per employee. This is an important consideration when structuring both the penalties coverage and administrative error coverage under your fiduciary insurance programs.

Excessive fees, with a twist

Just when sponsors seem to be putting some defenses together for retirement plan excessive fee cases, plaintiffs may be starting to use a new tactic.

The Consolidated Appropriations Act of 2021 outlines disclosure requirements for vendors related to ERISA-eligible group health plans. This includes disclosure of compensation to vendors and a reasonableness factor. These items are similar to the duties under ERISA alleged in the retirement plan excessive fee suits surrounding diligence in evaluating expenses.

Schlichter Bogard & Denton — the firm that started and perfected retirement plan excessive fee litigation — has been using social media to solicit employees of several Fortune 500 companies, inquiring if their healthcare costs are transparent.

This new tactic is expected to lead to fiduciary insurance underwriters starting to ask for information on healthcare plan fee transparency and disclosures.

Our people

Kate Maybee

Fiduciary Liability Product Leader

La'Vonda McLean

Employment Practices Liability/Wage & Hour Product Leader, FINPRO

Matt McLellan

D&O Product Leader

CaroleLynn L. Proferes

US FINPRO Product and Industry Leader
