EIOPA’s Market and Credit Risk Comparative Study: Key takeaways
Key takeaways from EIOPA’s comparative study on market and credit risk modelling.
Directors and officers (D&O) insurance has experienced significant increased risk exposure in recent years. Coverage provides varying levels of protection for decisions made by a firm’s leadership. Typically, companies carried D&O insurance simply because it provided additional protections to the firm’s executives for such a low premium. However, this is changing because insurers are calling for higher rates after being thrust into an ever-changing social environment. These recent trends have increased the demand for D&O insurance coverage and overall costs to the insurers. Due to the large number of insurers offering this policy, 2017 rates remained competitive despite an 11-point loss ratio increase, the largest increase since 2011.1 However, 96% of insurers say that risk is increasing and 80% of them expect D&O insurance rates to rise in 2019.2 D&O insurance rates increased in the first quarter of 2019, and this is expected to continue throughout the year. Due to the growing instability of D&O coverage, insurers have their eyes on three rising risks: increased securities action lawsuits, heightened awareness to social issues, and growing cyber risks and data protection laws.
Lawsuits driven by shareholder opposition have taken center stage, especially during the hot environment of popular initial public offerings (IPOs). The IPO of ride-share company Lyft went public on March 29, 2019. Investors served the company a securities action lawsuit within the first two weeks of going public. However, this is not surprising because securities class action suits reached a 20-year high in 2018 at 217 cases with no expectation of slowing. Further, investors have a high incentive to sue because settlements have increased a staggering 71% to $2.4 billion in 2018 from $1.4 billion in 2017.3 Ultimately, these significant shifts in frequency and severity have not been accurately captured in rate projections, which are thus likely inadequate.
The increase in number of suits filed is driven by a unanimous United States Supreme Court decision in March 2018. Cyan, Inc. v. Beaver County Employees Retirement Fund (Cyan) set a new precedent on the jurisdiction where securities action lawsuits can be tried. Historically, lawsuits against the Securities Act of 1933 (1933 Act) and the Securities Exchange Act of 1934 could be consolidated into a single case in federal court. The Cyan conclusion now allows 1933 Act lawsuits to proceed in state courts, which eliminates the ability to consolidate cases. This doubles the number of cases and costs to the offending company.4
For example, notable vintage goods provider Etsy was the subject of two class action suits related to its IPO-- one in the state of California and the other in federal court. Unable to consolidate the cases, the company was required to fight both under different jurisdictions and court rules despite arising from the same incident. Its D&O insurer was on the hook for the costs from both lawsuits. Unfortunately for insurers, in addition to frequency, the case verdict is also expected to change the severity of D&O claims.5
D&O claim costs are expected to surge in response to the Cyan decision. Historically, D&O insurers and lawyers would move to dismiss or settle the securities class action suits in federal court. In these two instances, a court case would not actually ensue eliminating the massive litigation costs associated with a lawsuit. Now, highly specialized lawyers are required for a new legal strategy in state courts, which is likely to drive up litigation costs for insurers.6
Aside from the Cyan case, total claim costs are growing as a whole. According to Chubb’s press release on July 10, 2018, the combination of attorneys’ fees and settlements have increased 63% to $4.5 million from 2012 to 2016.7 These are figures for fully settled cases. For dismissed cases, total costs have increased a whopping 162% to $2.3 million in that same four-year period.8 Insurers’ D&O rate projections become significantly more uncertain without sufficient historical data on the shifts in future lawsuits. Insurers need to react to these swings and uncertainties, which is driving the rate increases this year.
In 2017, the downfall of Hollywood director Harvey Weinstein and the uprising of women against sexual misconduct shook the world. The legendary #metoo movement has led to sky-high employment practices liability insurance (EPLI) claims against executives accused of misconduct. However, insurers should prepare for D&O insurance claims against those firms as well.
EPLI and D&O insurance coverage go hand-in-hand. D&O coverage will provide protection if a firm’s board acts inappropriately when handling a sexual misconduct case. Many of these cases reveal company leadership’s effort to cover up the events to preserve their reputation. Wynn Resorts and Signet Jewelers are just two examples of firms accused of suppressing misconduct. However, a cover-up is not necessary to trigger a D&O claim. A firm’s negligence to properly cultivate a harassment-free environment is enough to initiate a lawsuit. D&O insurers expect an adverse shift in the number of future claims and ultimate settlement amounts for these high-profile cases fueling their calls for higher insurance rates.
D&O insurers also expect a rise in discrimination and equal pay claims. Discrimination can vary widely from race to gender. For example, Nike was recently hit with a class action lawsuit over allegations of a boys’ club environment. Ex-Nike employees assert the club is responsible for the hostile corporate culture and gender pay gaps. The lawsuit is ongoing. A D&O policy has likely been essential to help cover Nike’s lawsuit costs. In the end, the lawsuit’s verdict could serve as a new precedent in these types of cases, and D&O insurers could be on the hook for it.9
Cyber security risks remain one of the top concerns among corporations and insurers. What began as an IT issue has now shifted to management level as a primary risk management concern. This increases exposure of cyber-related claims against a firm’s board to D&O insurers. D&O insurance can be triggered from numerous types of events. A firm’s leadership can be deemed negligent if there is no cyber insurance policy in place or can face serious consequences if they withhold data breach announcements from consumers. For example, Yahoo! was required to pay an $80 million settlement from a securities class action suit for failing to disclose its cyber breach in 2018, the first of its kind.10 This large settlement has set an important precedent for future cyber disclosure violators, and D&O insurers can expect a hefty award if their policyholder is at fault. In addition, D&O insurers are expressing a growing urgency to insurance rate increases in light of the new data protection laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which is expected to take effect on January 1, 2020.11
The GPDR and CCPA both offer the same goal to the public: to protect individuals’ personal data. These progressive laws have created a substantial challenge for companies that rely on personal data for business, with significant adverse consequences. Non-compliance fines are exceptionally high under the GDPR as a €10 million penalty could be imposed if a company fails to disclose a data breach within 72 hours. Further, the company would likely be subject to negative publicity leading to adverse financial consequences. For instance, Cambridge Analytica was forced to shut its doors after its unlawful use of consumer data through Facebook’s platform. However, even if a firm remains open amid its reputational nightmare, it will likely face securities action lawsuits from the financial ramifications to investors, sparking even more D&O claims.12
Further, D&O insurers could also be on the hook for lawsuits related to the cost to comply with the GDPR and CCPA. Many tech firms are subject to sweeping changes in their business structure and their handling of consumer data. Some of the largest firms such as Google and Facebook are even facing significant struggles toward compliance. Facebook faced a lawsuit in July 2018 for misleading statements regarding the financial impact of complying with GDPR, thus causing large losses to investors. As the CCPA effective date approaches, there is an expectation for these lawsuits to continue as U.S. firms hurriedly develop technology and corporate guidance to be ready for compliance. Therefore, a proper D&O insurance policy is necessary to cover the additional complexity of adhering to these laws.13
D&O insurers are now faced with increased exposure to cyber risks. Many have stemmed from regulation changes unforeseeable by insurers. These changes have and will continue to directly affect these insurers, helping fuel the call for higher insurance rates.
In general, insurers face challenges in predicting the impact of future exposure increases for all coverages. D&O insurers have been specifically affected by the ever-changing social environment, making historical data nearly unusable to predict future losses. Due to the heightened uncertainty stemming from higher frequency and severity of securities action lawsuits, increased social reform awareness, and cyber security risks, D&O insurers are beginning to increase rates in 2019 and are continuing to advocate for rate hikes after years of low affordable rates. Nearly all D&O insurers believe risks are increasing without any signs of slowing, indicating 2019 may be the first of many years insureds will face unexpected D&O insurance rate hikes.
Three rising trends in D&O insurance
Due to the growing instability of directors and officers coverage, insurers have their eyes on three rising risks: increased securities action lawsuits, heightened awareness to social issues, and growing cyber risks and data protection laws.