Thursday, April 24, 2008

D&O Insurance: Got Protection?

D&O Insurance: Got Protection?
By David W. Tate, CPA, Esq.
April 24, 2008

As directors and officers are hit with lawsuits from shareholders, employees, clients, competitors and the government, insurance is one way to protect against the liability—whether at home or abroad.

Consider this: You’ve been a director and an audit committee member of a company for about a year when you learn that the CEO, CFO and directors are being sued by shareholders for alleged financial fraud that has been ongoing for three years.

Further, the recently fired whistle-blower employee has filed a separate lawsuit against the CEO and the audit committee (which oversees the whistle-blower reporting process) for wrongful termination and retaliation. And the SEC has begun its own investigation.

All of the plaintiffs are seeking compensatory and punitive damages, and the fired employee is also seeking attorneys’ fees.

To make matters worse, you’ve been told that the lawsuit is not covered by the directors and officers (D&O) insurance policy (coverage may be denied for the fraud claim because the company withheld information in the application for insurance, or for all the alleged intentional wrongful acts). The fees that are being paid to the defense attorneys are reducing policy limits that could be used to settle the case, and it has been mentioned that you have to pay some of the costs to defend and help settle the case.

As a director or officer, knowledge of D&O and related insurance issues is key to knowing what questions to ask and understanding whether the company’s D&O insurance coverage and application process sufficiently protect you from liability.

Standard D&O insurance covers:

• Liabilities owed by the individual directors and officers, including attorneys’ fees (sometimes referred to as Side A liability coverage); and

• Amounts paid by the company as indemnification when the company is able to indemnify the directors and officers for liability arising from alleged wrongful acts (sometimes referred to as Side B indemnity coverage). Some policies also provide coverage (sometimes referred to as Side C entity coverage) for certain claims made directly against the company. There is tremendous variation in insurance policy coverage, so each should be structured to address the specific needs of the company for which it is written.

Losses Covered

Losses typically covered under D&O insurance include amounts that the directors or officers are legally obligated to pay for claims against them for wrongful acts, including settlements, judgments, costs of litigation and investigation, attorneys’ fees and other related items. The definition of the losses covered under the company reimbursement provision typically includes amounts that the company is permitted to pay to indemnify the directors and officers. From the insurance policy’s viewpoint, a company’s indemnity payments are a loss: they are payments that the company has to make to directors or officers to pay for liability that they incur as a result of their wrongful acts. Policies are self-liquidating, meaning that the amounts paid, such as for attorneys’ fees, reduce the amount remaining for future coverage.

Generally, coverage won’t include fraud, willful or intentional wrongdoing, and criminal or highly culpable misconduct. Whether or not an act is willful or highly culpable may be the subject of disagreement, but an option may be available that makes coverage contingent upon some final judgment of wrongdoing. Losses relating to punitive damages also generally are not covered. And depending on circumstances, fines, penalties and treble damage amounts may or may not be covered.

D&O Coverage Exclusions and Other Limitations

The following are typical exclusions for which the director/officer should be aware of or on the lookout for. That said, if there is an exclusion, it may be possible to purchase an endorsement to the policy, or a separate policy, to cover the excluded area. For example, it would be possible to add an endorsement/separate policy to cover employment practices liability, or ERISA, or bodily injury and property damage.

• Other or prior insurance. Coverage is typically excluded if the company's payment for loss or indemnity is covered by other or prior insurance.

• Bodily injury or property damage.

• Losses relating to pollution or contamination.


• Libel and slander claims.

• Personal gain. Claims relating to personal profit or advantage to which the insured was not legally entitled.

• Unauthorized remuneration. Claims seeking restitution of amounts paid to directors or officers without prior shareholder approval, or that a court has held to be unlawful.

• Securities Exchange Act Sec. 16(b) Short Swing Profits. D&Os are liable to pay back profits that they obtain by buying and selling, or selling and buying stock of the company in which they are a D&O if they hold that stock for a period of less than six months. These are referred to as short swing profits. The law is intended to prevent directors and officers to benefit from the unfair use of information that they receive.

• Breach of contract.

• Insured v. Insured. Claims brought by the company against directors and officers or former directors and officers, such as with respect to shareholder derivative suits or representative class action suits.

• Regulatory exclusion. Suits brought by federal or state regulatory agencies, or on behalf of an agency by a third party.

• Activities relating to mergers and acquisitions, golden parachutes, etc.

• Public offerings of securities.

• Prior acts. Policies are written on a claims-made basis, which means a claim—an allegation of liability by a plaintiff—must be made during the policy period. However, when a company has had a difficult history, such as a prior policy cancellation or non-renewal, a lapse in coverage or a serious financial crisis, there may be an exclusion for prior acts. Thus, the policy would cover only claims made for acts that occurred after the policy period began.

• Pending or prior litigation.

• Questionable payments. This includes items such as commissions, favors, or gifts paid to government officials, agents, employees, representatives and other related people.

• Discrimination. However, some D&O policies have added employment practices liability coverage. Alternatively, there may be an option to purchase a separate EPLI policy.

• Antitrust litigation.

• Failure to maintain insurance.

The following are some additional D&O application policy issues to consider:

• Concealment or misrepresentation. The application for D&O insurance requires the company to provide information regarding its history, operations, stock ownership, directors and officers, other insurance, certain transactions and acts or omissions that might provide grounds for future claims. The application for insurance is typically signed by an officer, to the best of that officer’s knowledge and belief.

Pursuant to California Insurance Code Sec. 331, intentional or unintentional concealment entitles the insurer to rescind the policy. Fraudulent misrepresentation also allows coverage denial or policy rescission. One option may be to include language stating that fraud or inaccuracies in the application are not imputed to innocent directors and officers who were unaware of the untrue or incorrect information provided. Another option may be for the policy to provide for nonrescindable coverage.

• Retention amounts. The insurer’s duty to make payments may arise only after those insured have incurred a loss that exceeds a set amount, referred to as a ”retention,” which is in essence a deductible. The individual director or officer will want to avoid a retention provision or have the amount be as low as possible. A multiple retention issue can arise when multiple claims arguably relate to the same wrongful act. One option may be for the policy to state that a single retention will apply to claims alleging or relating to related wrongful acts.

• Co-insurance. The policy may contain a co-insurance clause, requiring those insured to pay a share of the overall liability above the retention amount. Directors and officers will want to avoid a co-insurance clause, especially with respect to Side A coverage.

• Severability of conduct exclusion. Wrongful conduct of one director or officer may impact the coverage for other innocent directors or officers. Language should be included stating that wrongful conduct by any director or officer will not be imputed to the other directors or officers.

• Bankruptcy. In bankruptcy a lawsuit may be brought by a trustee or by creditors, arguably on behalf of the company. Thus, the lawsuit could be characterized as being insured v. insured, for which coverage might be denied. An option may be for the policy to exclude coverage only for claims brought by the company, not on behalf of the company. It has also been argued in bankruptcy that the D&O policy or proceeds may be an asset of the company, thus complicating any payment under the policy. An option may be for the policy to give priority to payments made to protect the directors and officers over payments made to protect the company.

• Timing of defense cost payments. Policies vary regarding the timing of the insurer’s payment of defense costs. For example, the insurer may want to make payments semi-annually, annually or prior to final disposition. Those insured and their attorneys will want the policy to require insurer payment or reimbursement within a specific number of days.

• Duty to defend. D&O lawsuits typically involve multiple defendants and multiple claims. The policy may provide coverage for some, but not all of the defendants and claims. Issues also may exist regarding which defendants and claims are covered. Some policies attempt to address these issues with language containing preset terms, or stating that payment is not required until the issues have been resolved by agreement.

Preset policy provisions usually are not favorable to those insured and a silent policy may be preferable. Generally there is a duty to defend an insured or potentially insured against covered and potentially covered claims, although the insurer may reserve its right of reimbursement. Additionally, even if indemnity is prohibited, there may still remain an insurer duty to defend.

• Amount of coverage and the shared limits. As a result of increasing settlement and judgment amounts, and increasing coverage being offered for entity liability and new areas such as employment practices, less coverage may be available to protect the individual directors and officers. Options that may be available include purchasing increased policy limits, policy wording that gives preference to payments made for the protection of the directors and officers, or wording that allocates certain policy limits exclusively for the protection of the directors and officers.

• Separating coverage for the directors and officers. Director and officer liability coverage (Side A coverage), although separate from the indemnity and entity coverage provisions in the same policy, may still be impacted by application concealment or misrepresentation, company bankruptcy, wrongful conduct by other people and liquidating policy limits. Various options may be available for the directors and officers, including the outside directors, through the purchase of a separate policy covering just those directors or officers, or an excess umbrella policy.

• Choice of law, jurisdiction, forum and alternative dispute resolution provisions. Directors and officers should have their broker or attorney review policy provisions relating to choice of law, where and how coverage disputes must be adjudicated, and dispute resolution requirements which may be disadvantageous to the insured.

As an example, an insurer that is headquartered in Philadelphia may want a policy that covers an insured that is located in California to state that all disputes will be resolved in Philadelphia under Pennsylvania law. Philadelphia as a location would be more difficult for the insured, and Pennsylvania law might be less advantageous to the insured than the insurance laws in California.

Some Additional Concerns

Directors and officers must strategically structure their policies. Insureds may want to consider carrier financial rating, claim paying experience, and policy limits. There has been a rise in the average dollar amount paid in class action settlements. Additionally, we are seeing remaining available policy limits being further reduced by escalating defense costs and claims being made that are different than historically typical securities claims, such as derivative lawsuits; stock option, subprime, and opt-out claims; and regulatory and criminal proceedings.

International issues have also become important. A D&O insurance program should take into account foreign jurisdictional requirements where a U.S. company has major operations.

Looking Ahead

While many directors and officers are increasingly focusing on enterprise risk management, they should also focus attention to their own liability exposure and their D&O insurance coverage, understanding that it is not uncommon for D&O insurance coverage to benefit the company, insiders and outside directors differently.

Generally, people involved with D&O insurance will want to evaluate their situation (the industry, products, services and risk exposures of the company and its directors and officers to lawsuit and liability—including the dollar amount of coverage that should be purchased) and need for insurance coverage. It would also be wise for an insured director or officer (as well as the company) to ask about each area of possible exclusion or limitation to see if the policy covers the company, directors and officers for those items. If the policy does not, some manner of coverage could or should be arranged either by an additional endorsement to the policy or by purchasing a separate policy to cover those areas in which it is determined that insurance can and should be purchased.

Lawsuits are filed against directors and officers for different and sometimes surprising reasons. But they all tend to involve large dollar liability risk and are expensive to defend. While D&O insurance is an important type of insurance that every public, private and nonprofit entity must consider, policies are not standardized and are generally written to address the specific—and sometimes conflicting—needs of the insured entity and D&Os, so it’s important that directors and officers fully understand the policy they are working under to ensure proper coverage.

Dave Tate is an attorney is San Francisco (and also a CPA). You can reach him at or

Sunday, April 13, 2008

SEC uses SOX 1103 to freeze payments to officers

SEC uses Sarbanes-Oxley section 1103 to temporarily freeze proposed payments to public company officers:

The U.S. Court of Appeals for the 9th Cir. recently upheld the right of the SEC to seek a temporary freeze on certain funds that a company proposes to pay to a company officer, director or affiliate during a limited time in which the SEC is investigating possible securities fraud. See, SEC v. Yuen (9th Cir. U.S. Court of Appeals).$file/0356129.pdf?openelement

Dave Tate, CPA, Esq.

Two interesting links: governmental transparancy; FCPA

Here are two links of interest around the internet: governmental transparency; and the Foreign Corrupt Practices Act:

1. The Association of Government Accountants ( ) has a new blog, beginning April 2008. If you are an accountant, or just a person interested in governmental accounting and financial reporting transparency, you may find blog articles of interest.

2. More on the Foreign Corrupt Practices Act, and increasing prosecution, both governmental and private party. Every company that has international dealings needs to consider whether it should implement an appropriate compliance program. This topic also should be appearing or starting to appear the radar screen for public company audit committees to at least consider.

Dave Tate, CPA, Esq.

Wednesday, April 2, 2008

Comments about New Century's Examiner's Report regarding the Audit Committee and Internal Audit

Comments about New Century's Examiner's Report regarding the Audit Committee and Internal Audit

The 500+ page February 29, 2008 report of Michael J. Missal, Bankruptcy Court Examiner, in In re New Century TRS Holdings, Inc., U.S. Bankruptcy Court for the District of Delaware, offers a somewhat rare opportunity to view how a person who is knowledgeable and has experience, in this case the Court Examiner (and his legal counsel), might, after the fact, evaluate the actions of corporate officers, directors, audit committee members, internal auditors and outside auditors in a corporate bankruptcy proceeding. Although the Examiner’s report does not hold the weight of a reportable court decision, it is nevertheless truly useful as a tool, such in the manner that a mock trial might be useful. The report can be found at:

The following discussion addresses only the Examiner’s report with respect to the audit committee and internal audit.

The Examiner notes that the four independent audit committee members “were capable individuals who approached their role with a sense of responsibility.” From May 2005 to the close of 2006 the audit committee met in person or by phone 21 times. “Moreover, the Audit Committee undertook significant activities in analyzing the ramifications of strategic decisions, the structure of management, reviewing financial reports, loan quality issues, and addressing operational concerns.” “The Audit Committee also turned to others for assistance, including [the outside auditor] for financial issues and the Internal Audit Department for operational issues.”

Nevertheless, the Examiner faulted the Audit Committee in four areas:

1. The Audit Committee did not ensure that management conducted an adequate analysis of entity-wide risk;

2. The Audit Committee did not ensure that key operational risks were addressed;

3. The Audit Committee did not give sustained attention to loan quality until 2006; and

4. The Audit Committee did not adequately supervise or make effective use of internal audit.

The Examiner also notes that internal audit was led by “a well-qualified internal audit professional,” who “hired qualified staff,” and that the internal audit personnel “seemed to pursue their responsibilities diligently and professionally.” “Moreover, consistent with sound practices, Internal Audit reported to the Audit Committee, developed a risk-based ranking of issues, typically provided written audit reports to the Audit Committee and developed a procedure to monitor recommendations for improvements. Internal Audit made valuable contributions to the governance and operations of New Century by preparing a significant number of audit reports, and in the process, identified issues concerning loan quality, regulatory compliance, loan servicing and loan appraisals.”

Nevertheless, the Examiner found the following “significant deficiencies” with internal audit:

1. Internal audit did not perform a thorough assessment of entity-wide risk;

2. Internal audit did not identify and examine certain areas of operational risk; and

3. Internal audit did not address internal control over financial reporting risk.

It should be kept in mind that neither the audit committee nor internal audit is responsible for the day-to-day operations of the business; thus, neither the audit committee nor internal audit was or could be the direct cause of the problems at the business. Essentially, although both the audit committee and internal audit diligently performed their functions, when looking at the financial problems that led to New Century’s bankruptcy, it is possible in hindsight to identify audit committee and internal audit deficiencies that may have helped to allow the financial problems to remain unfixed. It is that type of scenario that can present a most difficult dilemma for both the audit committee and internal audit: despite exercising diligence, if something goes wrong often it is possible for someone to argue that greater diligence or better diligence could have prevented the wrongful situation. The Examiner essentially argues that the audit committee and internal audit should have been more diligent, that they may have missed a couple of issues, and that they dropped the ball or did not aggressively enough follow through or pursue certain issues and deficiencies with management.

A lesson can be viewed from the Examiner and his approach to the New Century situation: it can only be concluded that at the end of the day, in performing their functions, both the audit committee and internal audit must do all that they can do to ensure that they have fully resolved each and every issue that they consider important to the risk management of the entity. And that leads to what appears to be a central criticism by the Examiner, that the entity should have and was required to fully implemented and entity-wide enterprise risk management program. Keep in mind that management, the audit committee and internal audit did engage in risk management. The Examiner concluded that those activities were not sufficient.

There is little hard authority for the proposition that the audit committee is responsible for oversight of entity-wide enterprise risk management. New Century was a public company, listed on the New York Stock Exchange. The Examiner references only “best practices for corporate governance,“ and cites N.Y.S.E. Listed Company Manual §303A.07(c)(iii) and (d), and Business Roundtable, Principles of Corporate Governance 17-20 (Nov. 2005). Section 303A.07 pertains only to audit committees of N.Y.S.E. listed companies, but does require those audit committees to discuss with management policies and guidelines relating to risk assessment and risk management, and the company's major financial risk exposures. There is other statutory authority requiring audit committees of all public companies listed in the U.S. to have certain oversight of financial and accounting internal controls; however, oversight of internal controls is not necessarily the same as oversight of enterprise risk management.

With respect to internal audit responsibilities, the Examiner does cite extensively from a couple of sources including from materials published by the Institute of Internal Auditors. The functions and responsibilities of internal audit to engage in enterprise risk management are much more clear. And, of course, the audit committee does interact with and oversee the performance of internal audit.

Whether or not sufficient authority exists to establish the proposition that public company audit committees are responsible for oversight of entity-wide enterprise risk management, or that it is now a broadly established best practice for public company audit committees to perform that oversight function, it can be argued that public company audit committees should at least be considering going in that direction to help protect themselves from after the fact second guessing if something goes wrong. Audit committees also should be working on their interaction with and oversight of internal audit. Internal audit is a tremendous resource to help the audit committee satisfy its functions and responsibilities, and to help the committee evaluate and monitor risk management.

Dave Tate, Esq.