Risks facing directors & officers
August 2018 | ROUNDTABLE | BOARDROOM INTELLIGENCE
Financier Worldwide Magazine
August 2018 Issue
In a world of change that is driving companies to the very limits of their adaptive capacities, risk is a consistent theme, especially for directors & officers. When a disruptive event cascades through interrelated systems – environmental, economic, technological and operational, for example – the damage can be catastrophic. Since the potential repercussions of poor decision making have never been greater, D&Os are under pressure to understand the range of risks they face, their materiality and the various approaches available to mitigate them, to limit the personal liability they face.
FW: Could you provide an overview of the current risk landscape as far as D&Os are concerned? What factors are driving these risks?
Midanek: We live in an ever-more interconnected world, in which acceleration of change is pushing the adaptive capacities of institutions, communities and individuals to their limits. Humanity faces systemic challenges, including fractures and failures affecting the environmental, economic, technological and institutional systems on which our future rests. When a disruptive event cascades through these interrelated systems, the results are likely not just to be incremental damage, but catastrophic damage on a hard-to-imagine scale. At the same time, boards of directors, responsible for the corporations which now control the majority of the wealth of the world, are embattled. Dealing with challenges from regulators, shareholders, cyber criminals and complex capital markets, in addition to the business challenges of managing talent, cost, competition and sales growth, keeps them constantly playing defence. Meeting only occasionally and dependent on information distilled for them by management, many directors do not fully understand their responsibilities, their authority and how to go about doing the critically important job that is uniquely theirs: protecting the corporation and its sustainable future.
Suskin: The increased number of securities class action filings remains a concern. 2017 was a record year for such filings. The complaints are both event driven, such as stock drop cases, as well as litigation following announcements of M&A activity. Additionally, derivative lawsuits continue to be filed against D&Os alleging breaches of fiduciary duty, particularly in Delaware. The alleged breaches can be based on any number of underlying factors, including alleged failures to implement or oversee internal controls, approvals of allegedly excessive compensation and corporate waste.
Hadwin: D&Os face a more challenging landscape than ever before when it comes to liabilities arising out of cyber risks. The risk landscape applicable to companies is shifting quickly and D&Os need to adapt to this. There has been an increasing number of high profile, adverse cyber incidents that have brought the potential consequences of cyber risks to light. Threats to companies are well known and incidents that have led to loss of profits, reputational damage, regulatory liability and litigation have been reported worldwide.
Lanstra: The landscape is increasingly complex and uncertain for directors and officers as regulatory efforts and business challenges continue to broaden the oversight accountability of corporate leaders. In addition to historic filing rates for securities class actions, plaintiffs are aggressively pursuing lawsuits concerning data breaches, major event-driven losses to the company, cryptocurrency issues and workplace harassment, which are becoming increasingly existential threats to companies’ infrastructure, operations and reputation. Government regulators such as the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) in the US continue to view individual accountability as a core principle in enforcement matters and think pursuing individuals to be the rule, not the exception. In addition, plaintiffs’ attorneys are frequently piggybacking civil actions off of government enforcement actions. Finally, state regulators and legislatures in some parts of the US are filling regulatory arenas being vacated at the federal level.
Surgeoner: The landscape for D&Os continues to evolve in an ever-increasing risk matrix. The extension of the senior managers’ regime, shareholder activism, the increasing sophistication of collective actions across Europe, the EU’s General Data Protection Regulation (GDPR), data loss, alleged management failings in insolvency situations and cyber security all feature strongly in the risk column. These risks are set against increasing political tension and economic uncertainty, driven by Brexit and festering trade wars.
“While many boards and directors do understand that the buck stops with them in terms of being sure that effective risk assessment and mitigation procedures are in place, it seems that many more do not understand that the responsibility is theirs.”
FW: How would you say the risks facing D&Os have evolved over the past few years? What major new risks have arisen in recent times, to keep D&Os awake at night?
Suskin: We have seen a rise in shareholder campaigns, including demands for books and records under Delaware’s General Corporation Law Section 220 and analogous statutes in other states, shareholder derivative demands and shareholder derivative lawsuits. The subject matters of the campaigns has been wide-ranging, including issues concerning accounting internal controls, internal controls relating to cyber breaches, FCPA violations and allegedly excessive compensation of D&Os. A relatively recent development has been that increasingly this activism is supported by litigation funding firms. The consequence of that is that the opposition can afford to be more aggressive and has considerable added staying power to remain in the fight and demand a higher award.
Hadwin: A key factor is legislative change, such as the GDPR, which imposes enhanced obligations on organisations that control or process personal data in a European context. Penalties for non-compliance with GDPR are severe, with potential fines on companies of up to 4 percent of annual global turnover or €20m, whichever is greater, in certain circumstances. Risks to the company often translate into risks to board members. For example, activist shareholders may be increasingly willing to put pressure on board members to manage cyber risk effectively, including, in the most serious circumstances, by way of shareholder derivative lawsuits.
Lanstra: Corporate leaders seem focused on competition arising from market disrupters, finding talent that can bridge to the millennial generation, and navigating political change and realignment. Each of these present uncertainties of risk to the foundations built and inherited by corporate leaders. It is a new world out there. The recent risks that are preoccupying responsible corporate leaders include cyber security threats, workplace harassment, and regulatory discretion and uncertainty.
Surgeoner: It is probably fair to say that D&Os have found sleep challenging since 2008. The regulatory environment has continued to expand, along with a robust enforcement regime. Previously emerging risks, such as cyber, have continued to evolve and become more severe. Data losses and breaches have risen high up the agenda. The precarious nature of reputation and how it can be lost from bribery and corruption allegations to #MeToo have dominated D&Os’ thoughts. Finally, depending on the nature of the business, political risk will be firmly on the agenda.
Midanek: The scale of possible repercussions of making poor choices has never been greater. Thus fear is higher, just when calm judgment and reasoned decisions are most important. The most obvious issue to point to is cyber risk, whether breakdowns may be the consequence of system disruption, cyber thieves or cyber terrorism. Political uncertainty is also increasing as, love him or hate him, president Trump is shaking up the world, which was already undergoing significant change. Litigation seems to be an ever-increasing threat, whether well founded or not. Regulators, too, are rattling their swords, and activists continue to attack, with some greater credibility in the eyes of some.
FW: How would you characterise the extent to which D&Os are aware of the range of risks and the extent of their responsibility for managing and mitigating them? In general, do you believe risk management frameworks are adequate?
Hadwin: Cyber risk has emerged as a key boardroom concern in recent years, and there is an increasing appreciation of the fundamental importance of having robust security measures in place. However, many directors face real challenges in understanding and mitigating this type of risk for their companies. While there does seem to be a growing awareness of cyber security risks, D&Os do not always fully appreciate the extent of the liability risks that they may be faced with. This is particularly true for those who hold positions on boards in multiple jurisdictions. In this respect, some risk management frameworks may not yet be adequate. Although D&Os may be well-informed about the risks they face in certain countries, they should seek to familiarise themselves with the position taken in all jurisdictions that the company operates in.
Midanek: Awareness of specific and general risks is easy to gloss over in infrequent meetings. And of course, if awareness exists, the approach to addressing may simply be to inquire as to whether a particular risk has been handled, which is not always an adequate way to proceed. While many boards and directors do understand that the buck stops with them in terms of being sure that effective risk assessment and mitigation procedures are in place, it seems that many more do not understand that the responsibility is theirs. While huge progress has been made in thinking about and analysing risk of many types, building an integrated view of different types of risk and how they relate to each other, both inside the corporation and outside of it in the interconnected world in which the corporation resides, remains an intractable puzzle. The key area to focus on, to my mind, is on building resilience. While thinking about how to do that has evolved considerably, there is more to do, as in the end what we all want to see is organisations that know how to recover.
Surgeoner: There is no ‘one size fits all’ response to risk. D&Os of major businesses have a clear sense of responsibility for managing and mitigating risk and huge progress has been made to map, analyse and respond to risk. Risk management frameworks have improved significantly, although they benefit from regular review and stress testing.
Lanstra: D&Os vary widely in both their knowledge of the specific risks facing their companies and their willingness to accept a role in mitigating those risks. Risk management frameworks can be very effective if, and only if, those in an organisation are receptive to attentive risk management and value it. Where risk management is seen as a barrier to be disregarded or avoided, instead of a core function that drives and preserves value, it can create a false sense of protection that increases risk and exposure. Organisations that value risk management tend to impose and expect their directors and officers to be aware of their responsibilities. Independence remains an important factor in success, as does continual training on risk management and written guidelines and policies.
Suskin: D&Os are becoming increasingly aware of personal exposure resulting from new risks, and they understand the need to ask more questions of management concerning risk exposures and contingency plans. Because of the increase in data breach claims, for example, D&Os are understandably more interested in whether management has developed adequate IT security measures, breach response plans and general infrastructure to address post-breach matters. Post-breach issues include the means to notify customers, reconstruct lost data and attention to the inevitable business interruption following a data breach. Also, directors are far more attentive to policy limits for D&O policies, and now often insist upon the purchase of Side A-only coverage, which is dedicated to protect only the individual D&Os for non-indemnifiable claims. In the past, it was unusual for an individual director to be as interested in the scope and nature of the company’s insurance coverage as they are today.
“It is helpful for D&Os to have knowledge of potential risks, but more important to have processes in place for the organisation’s members to tender hazards to D&Os for evaluation and judgment on how to navigate them.”
FW: For D&Os who may be concerned about gaps in their knowledge and understanding of potential risks, what immediate action would you recommend?
Surgeoner: The watchword for D&Os is collaboration. There are three key friends to a D&O who is concerned about gaps in their knowledge and potential risks. The first is an expert D&O insurance broker who should be able to summarise the risk and provide a sound D&O policy that will help to mitigate the risks. Second, it is important to build a relationship of trust with the D&O insurer, with clear disclosure in relation to the policy and ensuring the terms of the policy are clear and unambiguous. Third, it is almost certainly worth speaking with a lawyer specialising in directors’ duties so that any industry-specific risks can be identified.
Lanstra: It is helpful for D&Os to have knowledge of potential risks, but more important to have processes in place for the organisation’s members to tender hazards to D&Os for evaluation and judgment on how to navigate them. It may be prudent to seek the assistance of outside counsel and consultants to review current frameworks and identify vulnerabilities and blind spots, commit to risk management training, and develop a culture where everyone is permitted to ask questions and raise their hands. This will push improvements, identify dangers and wrongful conduct, and help all employees embrace risk management as part of their core duties and prevent the types of widespread, fraudulent schemes that have kept some companies in the headlines and in court for all of the wrong reasons.
Suskin: It behoves D&Os to be informed as to any potential gaps in coverage they may face and they should take affirmative steps to address those gaps.
Midanek: Study, and learn, both about the board’s responsibility and about the range of risks, their materiality, and various approaches to mitigating them. Plenty of help is available, but work to find the right help, and even then, scan the horizon, and the backyard, relentlessly.
Hadwin: One of the biggest challenges here is that many aspects of cyber risk require a working understanding of technology and the use of data, and many company directors do not have this at present. However, although D&O engagement is essential, it does not necessarily require a detailed individual understanding of every technical issue. In terms of immediate action, there are a number of steps which D&Os can take in order to manage cyber risk effectively and increase their understanding. D&Os should obtain input from those with appropriate expertise in order to understand fully the potential cyber risks. Also, establishing a cyber risk committee is often an effective means of ensuring that D&Os have access to those with the required knowledge.
FW: To what extent are high-ranking executives being held personally responsible and liable for transgressions occurring within their company?
Lanstra: Simply put – increasingly. Laws, regulations, shareholders and jurors all hold corporate leaders directly accountable for structural failures and egregious conduct. And jurors presume that corporate leaders have allowed or encouraged a culture where wrongful conduct is permitted if hidden, and if it tends to further corporate profit in the short term. Juror disdain for corporate executives is at an all-time high, and a lack of trust in industries that can face sudden consequences, such as those in the life sciences that are susceptible to adverse events from failed trials or adverse regulatory action, can be viewed through conspiratorial lenses.
Suskin: It is relatively rare for high-ranking executives to be held personally responsible or liable. The ‘for cause’ provisions usually present in executives’ employment contracts are a high bar to meet. Additionally, most executives are indemnified by the corporation’s bylaws to the fullest extent of the law, and are covered as D&O insurance generally leaves them exposed to personal liability only in instances of proven intent to defraud.
Midanek: There is a greater focus by regulators and others on identifying and holding accountable for wrongdoing those in a position of authority, whether they were actively involved or not. Regulators want to discourage bad acting, both by punishing those with authority to have avoided it or fixed the issued and failed to do so, and by deterring others by creating examples of painful consequences. The chastising letters written to the former chairman of Wells Fargo & Company, John Strumpf, early in 2018, by the Federal Reserve regulators offer an example. Possibly broadening use of the responsible corporate officer doctrine, whereby in certain circumstances, criminal penalties may ensue simply by virtue of being in the chain of command, offers another.
Hadwin: To date, in the UK, despite the changing risk landscape in many jurisdictions, the personal liability of directors in this context has not been particularly common. However, risks to the company often translate into risks to board members, and there have been some shareholder derivative lawsuits brought against directors in the US in the aftermath of large data breaches. In recent years, longstanding legal duties, such as fiduciary duties to the company, have been joined by greater regulatory obligations, particularly in the financial sector, and a greater willingness on behalf of regulators to take action against individual directors.
Surgeoner: To date, it has been rare for high-ranking executives to be held personally liable. However, there has been increasing scrutiny, both politically and from regulators, as to why senior executives are not seemingly being held accountable. This is likely to increase the pressure on senior executives, particularly with the increase in regulations, such as the senior managers’ regime. Increased shareholder activism, which specifically targets senior executives, will focus the spotlight.
“Companies and D&Os should work together to scope the risks that D&Os face and cooperate to ensure that appropriate protections are in place to mitigate those risks.”
FW: Can you highlight any recent claims against D&Os in which the outcome proved to be particularly significant?
Surgeoner: The recent tribunal comments in Arif Hussein v. Financial Conduct Authority gave a strong hint regarding the direction of travel for senior executives. Mr Hussein was a relatively junior trader who was put under investigation in relation to a limited number of chats which took place over a very short period regarding the manipulation of LIBOR. The tribunal expressed some concern that senior management had not been pursued for their role in the matter.
Midanek: The literally hundreds of men whose alleged sexual misbehaviour in employment settings that has come to light in the last year or so will presumably be playing out in the courts for some time. It will be enlightening for D&Os everywhere to see how culpability of the corporation is determined and damages assessed.
Hadwin: The D&O implications of large scale, high-profile cyber attacks were brought into focus by a number of shareholder derivative suits in the US that were brought in the aftermath of large data breaches, essentially alleging that directors had failed to manage and mitigate cyber risk adequately. Such claims can have significant settlement values and, even if they are dismissed, often require defendant D&Os to incur significant defence costs. Such claims can also lead to the removal or resignation of key board members, even in circumstances where formal liability is not established.
Lanstra: The Delaware Supreme Court’s rulings in Corwin v. KKR and In re Cornerstone Therapeutics have been viewed as director-friendly decisions narrowing the contours of suits that will survive motions to dismiss, although large settlements have been reached in numerous derivative actions alleging breach of fiduciary duty in Delaware. The life science and biotechnology industries are facing an increase in securities class actions and accompanying shareholder derivative suits. Finally, the recent securities class actions against Equifax and PayPal are noteworthy in the cyber security space.
FW: How important is it for D&Os to ensure they have appropriate levels of D&O liability insurance coverage in place? How can D&Os accurately determine whether or not their insurance coverage is equal to the range of risk scenarios that exist?
Suskin: D&Os must become more vigilant as to management’s overall and holistic efforts to manage risk. This includes not only a closer look at the company’s D&O insurance programme, which should include Side A-only coverage, but also other coverage programmes for errors and omissions, property, products, if relevant to the business in question, cyber and general liability. Consulting with outside insurance coverage counsel and insurance brokers is important in order to make an accurate determination whether insurance coverage is adequate.
Hadwin: D&O liability cover is of fundamental importance and companies and D&Os should work together to scope the risks that D&Os face and cooperate to ensure that appropriate protections are in place to mitigate those risks. The liability risk can never be eliminated, so D&Os should always ensure they have adequate protection, ideally by way of an indemnity for the company, for liabilities arising out of the conduct of their role or by way of appropriate D&O insurance.
Midanek: D&O insurance levels are of course important, but perhaps more important is understanding the structure of the coverage available. Start with law in jurisdiction of incorporation, review indemnification and related provisions. Move to review the certificate of incorporation, corporate charter and bylaw provisions regarding indemnification and advancing of costs. From there, consider requesting a specific indemnification agreement between director and company, that specifically sets forth obligations and affirms them. Then look at the definition of the actions covered and not covered, and at the list of actual D&Os identified as insured. Consider the number of insureds, the nature of the business, its litigation history and posture, and of course the cost of insurance. Remember, too, that insurance coverage in itself can increase likelihood of litigation as its size can be tempting to experienced attorneys.
Surgeoner: It is vital for D&Os to review the level of D&O cover regularly. Traditionally, this would be an annual discussion with the insurance broker. But there is no doubt that these discussions have become more regular and important. The truth is there is no fail-safe way to ensure that a D&O has insurance coverage equal to the range of risk scenarios that exist, but key considerations are the risk profile of the business, industry-specific claim trends, loss data and comparison to peer companies.
Lanstra: An insufficient amount of coverage can narrow strategic advantages in litigation, affect corporate financial planning, and inhibit the recruitment of quality D&Os. The worst time for D&Os to discover that insurance coverage is insufficient is after litigation or an investigation commences. Consider talking to multiple brokers to ascertain the necessary amount of coverage, involve management outside the chief financial officer (CFO) suite, and ask plenty of questions about policy exclusions – all analyses that should involve the advice of legal counsel.
“D&Os must become more vigilant as to management’s overall and holistic efforts to manage risk.”
FW: What advice would you give to companies and their D&Os when they are assessing the merits of a D&O liability policy? Which elements should be considered of paramount importance?
Hadwin: A company needs to have cover which is appropriate for its size, industry and customer base. D&Os should scope the risk the company is facing and should work with a broker to arrange cover which is appropriate for the company’s risk profile. As every company is different, an ‘off-the-shelf’ policy may not be the best policy to mitigate the specific risks a company is facing. As a general rule, it is, of course, essential that any policy has limits that are high enough to reflect the potential risks that the insured is facing. In addition, it is worth knowing that as well as D&O insurance, cyber insurance policies can also provide a degree of cover to individual D&Os, should they be the subject of a third-party claim arising out of a cyber incident.
Lanstra: Companies should assume worst-case scenarios for large events, not historical data on average expenditures, and involve independent legal counsel to examine policy exclusions and service issues. They should recognise that risks often require a defence on multiple fronts, and that enforcement actions can last longer than class action and derivative litigation and are rarely part of a global resolution process, as can occur in civil actions. Exclusions and the flexibility to retain counsel of choice are of paramount importance. Moreover, to the extent the company has external managers or large stockholders with the ability to appoint directors, it should consider what, if any, endorsements might be necessary to cover them.
Surgeoner: In the modern world, it is difficult to identify circumstances where a company and D&O could conclude that they should not have a D&O policy. Careful consideration should be given to the indemnification language, ensuring that coverage is available for insolvency, regulatory investigations and cyber insurance. The wording of any exclusions should be given careful thought. It is worth checking any local law requirements for D&O policies if relevant. Finally, spend time with the proposal form to ensure that policyholders comply with the duty to provide a fair presentation of the risk and ensure advice is taken over the circumstances in which the policy can be avoided by the insurer.
Midanek: Consider whether separate coverage for D&Os might be warranted, for two reasons. First, in circumstances in which the coverage is needed, there may be greater likelihood of officers needing it than directors, which could exhaust the coverage available for directors. This leads to the second issue. In those very circumstances, D&Os may not have the same interests and defences, and may in fact be opposed to each other. Look, too, at alternate forms of coverage for uncovered acts or for directors vs officers.
Suskin: It is important to pay close attention to key terms, exclusions and limitations of a policy. One aspect that is particularly important, and is often overlooked, is with regard to insurer control over the selection of counsel. D&Os normally prefer to be defended by counsel with whom they are familiar. But D&O policies often give the insurer significant influence or control over the selection of counsel, frequently in connection with the insurer having negotiated significant rate discounts with select panel counsel. D&Os should examine whether their regular outside counsel will be on the insurer’s approved list and, if they are not, negotiate their inclusion at the policy inception. It is usually difficult to get counsel approved later, and approval may be tied to significant concessions on rate discounts that the counsel may be unable or unwilling to accept.
FW: With regulatory enforcement targeting senior management, how should D&Os go about mitigating the costs that can accrue for legal defence during an investigation and beyond?
Midanek: Regulatory enforcement does, for the record, seem increasingly willing to target directors in addition to officers. The main issue in this regard, however, is to consider whether separate coverage, or segmented coverage, for each group, directors and officers, might be wise. The longstanding convention of D&O coverage may be ripe for change.
Surgeoner: In fairness to D&Os, this can be a time of maximum stress and it would be easy to ignore careful management of costs in implementing an effective legal strategy. The key points are to check the D&O coverage that is available and to liaise with the insurer as necessary and also to check any indemnification provided by the company. It is then important to appoint a lawyer in whom they trust, negotiate a comprehensive letter of engagement and seek to manage costs by careful use of alternative fee arrangements, such as caps and fixed fees for appropriate elements of the work. In many cases, this process will require management with a D&O insurer who will be experienced in managing costs. The D&O must be careful to comply with the D&O policy terms.
Suskin: As a threshold matter, it is important that care be taken to avoid a problem in the first instance, including active oversight of internal controls and reliance on advice of outside counsel whenever potential issues or concerns arise. And it is critical, when reviewing their policies, that D&Os make sure that their policies include coverage for investigations. Not all policies do, and some that do have limitations that unrealistically underestimate the cost of conducting such investigations. Additionally, many policies do not cover responding to government subpoenas, including as non-party witnesses, but such responses can entail exceptionally high costs, particularly where identification, recovery and production of electronically stored information is involved.
Lanstra: Consider a policy amendment that provides for coverage for internal investigations, shareholder books and records demands, and shareholder litigation or investigation demands. Hire the most effective counsel who understands that small investigations or lawsuits often become complex due to mimicking and piggybacking. Appreciating how they become complex and, thus, how to cabin them, is critical. To limit the need to face multiple shareholder derivative lawsuits, a forum-selection clause is advisable. In addition, for many cyber security and event-driven risks, liability often arises from D&O acts or omissions once the attack occurs, not before. Crisis management protocols and action plans provide numerous benefits, one of which is to bridle liability for a company’s response to an emergency.
Hadwin: Make sure triggers for cover are early enough. Regulators have, in recent years, increasingly made enquiries of D&Os in particular circumstances, in a way which falls short of being a full-blown investigation. Ideally, D&O policies should cover any costs incurred in responding to those enquiries, notwithstanding that a formal ‘investigation’, which was traditionally the trigger for investigation costs cover in many D&O policies, has been commenced. Beyond this, D&Os should ensure that their insurance policies provide appropriate cover for investigations and enquiries, and for any respective outcome.
“In the modern world, it is difficult to identify circumstances where a company and D&O could conclude that they should not have a D&O policy.”
FW: What advice would you impart to D&Os on regularly revisiting and reviewing their D&O policies and indemnifications to account for new developments and changing circumstances?
Lanstra: D&Os need to make revisiting and reviewing their policies and indemnifications a regular and meaningful audit and risk management function.
Surgeoner: There is no doubt that regularly revisiting and reviewing D&O policies and indemnifications is a fundamental risk management tool and an important process to embed in a risk management framework.
Suskin: Simply stated, D&Os must do this, but they should not try to do this on their own. The board should engage separate counsel to regularly review their D&O policies and indemnifications to identify gaps and limitations in coverage in view of ever-changing circumstances.
Hadwin: D&Os should review their D&O insurance to ensure that it adequately protects them from claims that may arise in a cyber security context. The policies should be stress-tested for effectiveness and kept under review in order to reflect the changing cyber risk landscape that the company will inevitably be facing. The position, in terms of both the liability risks and the appropriate means of protection, should be kept under constant review, bearing in mind that the risk landscape is anything but static.
Midanek: From the point of view of directors, I suggest a periodic review of coverage available to them, from jurisdictional law on up through indemnification and liability insurance coverage by an independent expert, typically an attorney well versed in both insurance law and litigation. It is all too easy to look at coverage through the lens of management’s advisers, who may not focus on how the issues the board faces are different.
FW: How do you envisage the risks facing D&Os will evolve in the months and years to come? Are they likely to become ever-more complex and critical?
Suskin: The trend in risks facing D&Os may depend on the level of government enforcement actions. If such actions were to decline under the current administration, that could well lead to a decline in private litigation, because there will be fewer publicised penalties and settlements to prompt follow-up from shareholders or consumers. Of course, if government enforcement actions increase at the state level in order to pick up the slack at the federal level, this could prompt additional actions and D&Os could face potential risks. It is difficult to imagine any scenario in which the risks facing D&Os will ever disappear.
Lanstra: Risks will become more complex due to the natural growth of regulatory states, the realignment of international comity and pacts, and the survival instincts of government agencies and the plaintiffs’ bar.
Hadwin: Heightened regulatory scrutiny and higher shareholder expectations are here to stay. The emerging challenge for directors is understanding and dealing with emerging risks, which in many respects are only going to become increasingly complex and difficult to deal with. Cyber risk is probably the best example of this and, while cyber attacks against companies are the main headlines for now, we would not be surprised if in a little while we are also reading about claims against directors who did not do enough to protect their companies against the cyber threat.
Midanek: The risks facing D&Os are likely to become more critical. Litigation is big business and many people make a lot of money from pursuing it, whether well-founded or not.
Surgeoner: The risks facing D&Os are here to stay and are becoming more complex. Collective actions and innovative litigation funding are likely to lead to a more hostile claims environment. Gender pay gap reporting will heighten issues over equal pay. Cyber risk will continue to evolve, and it is a risk that is difficult to mitigate completely with insurance cover yet, to catch up with the risk that companies and D&Os face. Climate change and related regulatory requirements may lead to more corporate boards being held accountable for failing to fulfil their duties.
Stephen Surgeoner has more than two decades of experience advising clients on all forms of commercial dispute resolution, with a focus on the banking, funds, insurance, energy and telecommunications industries. He has considerable experience in assisting clients with high-value, cross-jurisdictional complex commercial litigation. Mr Surgeoner also advises financial institutions and corporate enterprises on risk mitigation, including the use of insurance products, such as political risk, credit, directors and officers, and warranty and indemnity insurance. He can be contacted on +44 (0)20 7184 7877 or by email: stephen.surgeoner@dechert.com.
Howard S. Suskin is a litigator with substantial first-chair experience in civil and criminal securities matters. He is co-chair of the firm’s securities litigation and enforcement practice and the class action practice. Individuals and businesses seek his counsel in such matters as class actions alleging securities fraud and misrepresentation claims, derivative actions claiming breach of fiduciary duty, contests for corporate control, and shareholder demands for corporate books and records. He can be contacted on +1 (312) 923 2604 or by email: hsuskin@jenner.com.
Steven Hadwin is a dispute resolution lawyer based in London, advising on insurance matters. He has experience in dispute resolution, coverage advice, policy reviews and policy drafting. Mr Hadwin has experience in relation to a number of classes of insurance, including directors and officers’ liability insurance, crime insurance, professional indemnity insurance, warranty and indemnity insurance, cyber insurance, employment practices liability insurance and excess wordings. He can be contacted on +44 (0)20 7444 2290 or by email: steven.hadwin@nortonrosefulbright.com.
Allen Lanstra’s diverse practice focuses on complex, high-stakes litigation. From his extensive experience handling high-profile and discreet matters for large institutions, corporate leaders and public figures, Mr Lanstra has developed a reputation as a tested and trusted counsellor during a crisis. He can be contacted on +1 (213) 687 5513 or by email: allen.lanstra@skadden.com.
Well known for her turnaround expertise, Deborah Hicks Midanek has consistently positioned businesses for accelerated growth. Ms Midanek has diagnosed and remedied problems for over 60 corporations plus furthered growth of nearly 30 ventures. Once described as a ‘pure thinker’, she can quickly gain a deep understanding of complex problems, while exhibiting sensitivity to all parties involved and an extraordinary ability to assimilate and craft lasting solutions. She can be contacted by email: dhmidanek@solongroup.com.
© Financier Worldwide
THE PANELLISTS
Dechert LLP
Jenner & Block
Norton Rose Fulbright LLP
Skadden, Arps, Slate, Meagher & Flom LLP
Solon Group