INTRODUCTION

This chapter addresses the process of overseeing adequate insurance protection for a large organization and for its directors and officers. It is written primarily for directors and executives of sizeable organizations who spend in the hundreds of thousands and/or millions annually on insurance, although the principles are applicable to any sized organization. Management can use this chapter to ensure that proper processes are in place to protect the organization with adequate insurance. Boards can use this chapter as a benchmarking guide when certain insurance scenarios arise that require oversight, and is ideally suited for a risk committee's usage as they undertake oversight of all risk-related matters. For large organizations that are sophisticated insurance buyers, the quality of coverage (versus price as a driver) is a necessity. Also important for large organizations is the need to buy high limits of insurance to protect against catastrophic losses (like train accidents, product liability, or directors and officers liability) that could bankrupt the company and its directors. Mistakes made in not securing quality of coverage, or in not buying enough limits, can have a material impact on the organization and its leaders.

Recognizing that detailed knowledge of insurance falls outside of the scope or expertise of most directors, yet like the requirement that directors have a basic level of competence in financial literacy, each section of this chapter provides directors with two tools to assist in understanding the insurance process: a checklist for management to use as a base, reporting back on notable differences; and questions to be asked by the board (see Appendix 35.D: Director's Questions, 20 in total).

The 2013 train accident in Lac Megantic, Quebec, Canada, resulted in 47 deaths and much property damage, and was an infamous example of a board ignoring oversight of many aspects of risk management, including one key element—the adequacy of the commercial insurance carried. Public sources¹ reveal that Montreal, Maine and Atlantic Railway (MM&A), which hauled tanker cars in Eastern Canada and in the United States, carried $25 million in commercial insurance, and yet the total costs for this incident will likely exceed $460 million. Hence, the organization failed not only to protect itself and its directors, but it also failed to protect other stakeholders, including the public communities who lived near the tracks that carried MM&A's cargo—dangerous and explosive bitumen oil. Simple benchmarking would have revealed that peer oil-tanker railways were carrying much higher amounts of insurance.

Stakeholders such as boards, shareholders, the public, customers, suppliers, regulators, and rating agencies expect corporate decision makers to be financially accountable for their actions. However, oversight of the adequacy of commercial and directors and officers (D&O) insurance—key financial instruments used to protect organizations and their stakeholders—has not typically been elevated to the board level. Moreover, within management, the administration of corporate insurance coverage has typically not been a priority at senior management levels. However, recent high-profile natural disasters, weather changes, and emerging risks such as cyber threats, corporate fraud, and terrorism, have resulted in catastrophic losses, highlighting the need to more properly arrange and oversee insurance protection. As losses have mounted, D&O insurers have become concerned with the lack of oversight of corporate insurance and the potential liability to directors, leading to a “failure to maintain insurance” exclusion that appears on many D&O policies. It is a big responsibility to insure the assets, liabilities, and directors of a large organization. Hence, delegating this role to junior people with no oversight of their actions is akin to allowing a bond trader to operate without monitoring, yet oversight of insurance is only now just becoming a board practice, typically part of the risk committee's mandate. Inadequate insurance can result in bankruptcy, a severe drain on financial resources, and/or directors and officers being held personally responsible for losses. There are many examples of the consequences of inadequate insurance, but a recent Ontario case, Northstar Aerospace, is resonating with directors. In 2013, the courts found certain directors and officers of the company to be personally responsible for Can$4.75 million for pollution from the bankrupt company, and environmental remediation costs were excluded from the directors' and officers' insurance policy.²

In short, a lack of adequate insurance protection for the corporation and its directors and officers is typically the result of two scenarios: (1) a deficient process for determining what needs to be insured and in what amounts and/or arranging such insurance; and (2) lack of oversight by the board. So, what process can board members and senior executives follow to ensure protection with adequate commercial insurance for themselves and for their organizations?

Exhibit 35.1 is a glossary of terms relating to commercial insurance that will be used throughout this chapter and/or in regular oversight of insurance coverages.

THE KEY ORGANIZATIONAL RISKS (INSURED AND NOT INSURED)

Before determining the adequacy of insurance, an organization is first advised to identify its key business risks, as mandated in virtually all board charters. This can be done via a structured enterprise risk management (ERM) process as outlined throughout this book. Key is that the organization knows which risks most impact its strategic objectives, and that a plan be in place to treat such key risks. This requires aligning the risks to the objectives, such as in the example in Exhibit 35.2.

In Exhibit 35.2, Smith Corp. has identified five key organizational objectives, and adjacent to each has aligned and ordered the key risks that could impact the achievement of such goals. Further, Smith Corp. has highlighted in italics and with an * the key risks that are insured; and in italics, bold, and with ** those risks that are insurable but which are not insured. For those material risks not currently insured, but which are insurable, management should determine whether such risks should be insured and at what cost, presenting such findings and recommendations, if material, to the board. This exercise is particularly important relating to new and emerging risks as might be revealed through the annual ERM exercise, as new risks are often not covered by existing insurance programs, for instance, cyber risks that require specialized insurance. Self-insurance on sizeable risks is usually a material matter and should be approved at the board level. For example, management of an airline company may choose to self-insure terrorism to save money, but this decision may have a material and adverse impact on the financial results.

DIRECTORS AND OFFICERS INSURANCE

Directors are not insurance experts, yet they expect others to arrange high-quality directors and officers insurance (D&O) for them. Few directors ever scrutinize the process undertaken to obtain such insurance, nor the final product, and unfortunately there are a number of inherent flaws in the typical D&O insurance procurement process. The worldwide D&O insurance marketplace offers literally hundreds of options, with no two insurers offering the same product, and hence coverage ranges from restrictive to broad. It requires real broker expertise to select the required options from the many choices, yet specialist brokers are often not used to arrange this complicated coverage. Further, rarely do such broker teams have any board experience nor do they fully understand the challenges or duties of directors. If management places a focus on expense control, it is possible that less expensive insurance has been selected at the expense of higher-quality coverage.

So, what is the process for oversight by directors and executives to ensure that quality D&O coverage has been placed and arranged by the most competent practitioners?

The processes and various steps for ensuring the quality of an organization's D&O insurance mirror the same fundamentals (including checklists and board questions) articulated elsewhere in the other sections and appendices of this chapter. Like with all insurance coverages, organizations need to first identify their risks before determining the insurance to be arranged. It is strongly advised that readers of this section on D&O insurance also read the remainder of this chapter and its appendices, to gain a thorough understanding of the insurance procurement process (which also applies to D&O insurance). This section focuses on: “General Considerations in Protecting Directors and Officers” (via insurance and other means); and “Overseeing D&O Policy Terms and Conditions.” A detailed checklist of some of the sections and components that should be in place in broad D&O policies is included as Appendix 35.A.

SUMMARIZING INSURANCE DETAILS AND CLAIMS FOR BOARD OVERSIGHT PURPOSES

While it is not a board's responsibility to have expertise in insurance coverages, it is important to have a general knowledge of what management has chosen to insure. A good overview can be provided by management via a summary of an insurance document that lists the insurance coverages carried, such as limits, deductibles, and key exclusions, and this should be reviewed annually. A member of the board, ideally a lead risk director or a member of the risk committee who has experience with protecting an organization via insurance, should undertake this review so as to oversee management's activities in this area.

A second key area to be summarized for the board is the level of claims activity of the organization, and that of other organizations similar to it. A listing of material insurance claims should be summarized periodically for the board.

ROLES AND RESPONSIBILITIES

It is increasingly common for buyers of insurance to contract with their broker or outside insurance provider to ensure the provision of agreed services and to ensure accountability. It is less common for the buyer to formally hold itself accountable for responsibilities it must undertake in managing the insurance, yet this is important. The key is that a process of oversight and management exists to ensure that the roles and responsibilities of both parties are being followed. If one link in the chain is weak, such as late reporting of a claim by the insurance buyer, material losses may occur.

THE INSURANCE MARKETING PROCESS

As outlined above, it is the responsibility of management to periodically explore alternative insurance options. In the insurance industry, the term marketing denotes the process whereby multiple insurers are approached to shop for insurance, using coverage specifications like in a request for proposal, and the best option is selected. The objective of the marketing process is to recalibrate coverages so as to ensure that the right protection has been placed with the right insurer(s). To do this, it is necessary to develop an accurate, creative, and professional representation of the risks, aggressively persuading all suitable insurers to quote the best possible terms, ending up with an attractive arrangement for buyer and insurer. If not done properly, the board may be under the false impression that the organization has diligently explored all options, that is, that insurance coverages protecting the organization are state of the art. Why is marketing necessary? Organizational risk exposures change rapidly—through growth; new products and offerings; economic, demographic, technology, and weather conditions; and through mergers and acquisitions. For example, witness the sudden onslaught of cyber claims, requiring that old insurance programs be updated to cover this new risk. Another factor requiring that insurance be regularly marketed is that the worldwide commercial insurance marketplace is hyper-competitive, and an example of this phenomenon is the D&O insurance marketplace, wherein literally hundreds of insurers offer coverage, all with notably different terms and conditions—no two offerings are identical. A buyer of D&O insurance that has not marketed the coverages within the last few years has likely missed out on important new innovations developed and available, such as the relatively recent D&O insurance offering whereby one board member can now sue another (the “Insured versus Insured” exclusion is now typically removed in newer policies, subject to conditions).

Each marketing exercise should be strategically planned and should be carried out in accordance with the requirements of the specific organization.

Appendix 35.C is a checklist that outlines some fundamentals to a typical insurance marketing process and is best suited to buyers of large commercial insurance placements.

CONCLUSION

In this chapter and its appendices are important tools and checklists to assist directors and executives in their oversight of the maintenance of commercial and D&O insurance implemented by management. Contained in Appendix 35.D of this chapter are 20 questions that directors can ask relating to different facets of the insurance procurement process. As the business world becomes more complicated and fraught with new and emerging risks, commercial insurance plays an increasingly important role in protecting the assets and liabilities of business leaders and their corporations. A lack of adequate insurance protection is typically the result of a deficient process for scrutinizing what needs to be insured and in what amounts, and is often a result of a lack of oversight by the board and senior management. As risk committees and risk subcommittees become more commonplace on boards, and as enterprise risk management becomes entrenched as a process to identify and treat the key risks of the organization, so too must commercial and D&O insurance be considered a primary risk response/risk mitigation tool. Failure to oversee adequate insurance can have catastrophic consequences.

APPENDIX 35.A: CHECKLIST OF KEY D&O INSURANCE POLICY EXTENSIONS

The following extensions of coverage are available in the D&O insurance marketplace, but availability will depend on factors such as claims, size, geography, insurance jurisdiction, and industry. Additional extensions not shown here may be available. Use this checklist to audit the existing D&O program, and seek advice from a qualified D&O insurance specialist when comparing existing and prospective coverage with this checklist. First, determine coverage in the “Our Insurer” column, then determine if such coverage (or better coverage) is available from other insurers. Always use the policy language to interpret actual coverage, and do not rely on the following definitions alone, as each policy is different and coverage will apply in different ways with different insurers. Abbreviations should be explained by a D&O specialist.

APPENDIX 35.B: BROKER RESPONSIBILITIES, SAMPLE BROKER SERVICE AGREEMENT

Broker Service Agreement

SUMMARY OF SERVICE

Signed and dated, this __________ day of _________, 20___,

By Client: ___________________________________________________

By Broker: __________________________________________________

APPENDIX 35.C: CHECKLIST—THE PROCESS FOR MARKETING LARGE INSURANCE PROGRAMS

1. Establishing a timetable.
2. Setting insurance strategy.
3. Information gathering.
4. Information analysis.
5. Review options.
6. Marketing and buying large insurance programs.

APPENDIX 35.D: DIRECTOR'S QUESTIONS

Board Question(s)—The Key Risks of the Organization

1. What are the organization's key risks that could impact our objectives, and which ones are insured, and which are not insured, and which could be insured?
2. Has the organization had an outside audit of each of our insurance coverages, comparing what is insured versus what is available in the insurance marketplace?
3. Has management reduced, declined, or omitted any coverages, exposing the company and its D&Os to a material additional assumption of risk? If so, please describe.
4. Are new and/or emerging risks insured and/or insurable?

Board Question(s)—D&O Insurance

5. Do we have Personal Indemnity Agreements for each director and officer? Will such Indemnity Agreements cover unrestricted Advancement of Defense Costs, and Administrative Monetary Penalties (AMPs), regardless of insurance coverage? What coverage do we have, if any, under our insurance for AMPs? Have the Indemnity Agreements been recently reviewed by a qualified independent outside lawyer?
6. Have we explored placing more specific and separate insurance in areas where D&O insurance alone will not properly cover the directors and officers, such as Cyber or Pollution? Have we asked our broker where D&O coverage is not adequate to cover company exposures?

Board Question(s)—Summarizing Insurance and Claims for Board Oversight Purposes

7. Can Management provide a Summary of Insurance that outlines specifics of our insurance such as: limits; deductibles; and key exclusions, comparing same to prior years and/or what we require?
8. Will Management summarize for the board the material insurance claims of our organization and for those organizations relevant to us?

Board Question(s)—Management Experience in Insurance

9. What experience has the internal individual managing our insurance in large commercial insurance programs and D&O insurance matters?
10. Is Management's role in administering our insurance clearly articulated in a job description, addressing in detail the various elements that need to be managed such as claims reporting, risk assessment, and loss prevention?
11. Are the insurance administration activities reviewed and discussed by senior management at least annually?
12. What line of reporting exists between the insurance manager and board? Who will report to the board on material insurance matters, and how frequently?

Board Questions(s)—Outside Broker/Insurance Provider Experience

13. What is our D&O broker's experience in D&O insurance?
14. What is the broker team's experience in our industry and with other businesses like us, including organizations of our size and geographical locations?
15. What is the broker team's experience in large claims; risks unique to our organization?

Board Questions—Marketing

16. When was our commercial coverage last marketed?
17. Property—have we evaluated, via a qualified engineering firm, our “Maximum Foreseeable Losses” and our “Maximum Probable Losses,” for damage to our key locations and assets and business interruption?
18. Liability Coverages, including D&O—Have we benchmarked what liability limits we should be carrying, compared to our industry, to other industries, considering lawsuits and historical claims? What limits do you recommend?
19. Were all candidate insurers that could insure our operation canvassed in our marketing exercise?
20. What are the material coverages we were not able to get in this marketing exercise?

ABOUT THE AUTHOR

Stephen Mallory, ICD.D, CRM, FCIP, BA, served as a director on two Canadian Government Federal Crown Corporations. From 2012 to 2017 he served on the board of VIA Rail Canada, including as Chair of the Governance, Risk, and Strategy Committee, and was on the Pension Investment Committee. Previously he served from 2008 to 2012 as a director with the Standards Council of Canada and sat on the Audit Committee. He led board risk oversight on both boards and has been a member since 2011 on Canada's CSA/ISO/TC262 Mirror committee: Risk Management.

Steve teaches enterprise risk management to executives, directors, and master's-level university students. He is principal of Directors Global Risk Consulting, Inc., a Toronto-based firm that provides enterprise risk management advice for organizations located across Canada. He also advises clients at Benson Kearley IFG, a top Canadian insurance brokerage. Prior to founding his own firm in 2007, he served as CEO and Region Head within two of Canada's largest insurance brokerages.

Steve is regularly quoted in business publications and has led various charitable initiatives, including funding for water wells supplying nourishment to 15,000 people in Africa.