January 2024 Market Update – D&O Liability

As foreshadowed in our July 2023 D&O market update, capacity has returned to the D&O market for public companies. There is clear evidence that the market continues to soften with stabilised to decreasing rates. This follows a long period where premium increases and constrained underwriting standards were common. The softening is expected to continue into the first half of 2024.

This welcome change is a result of new carriers in the market both locally and offshore and a reduced number of Securities Class Action (SCA) claims. This has led to an increasingly competitive environment. Broader cover is available for proposers with healthy balance sheets and regular cash flow.

In its release of 19 December 2023 ASIC urges directors, preparers of financial reports and auditors of the following areas of focus for full and half-year reporting:

Impairment, asset values and provisions.

Events occurring after year-end and before completing the financial report.

Disclosures in the financial report and operating and financial review (OFR).

The impact of a new accounting standard for insurers.

“Directors and management should assess how the current and future performance of an entity, the value of its assets and provisions and business strategies may be affected by changing circumstances, uncertainties and risks.”

The key issues for boards are:

Cyber security risk management.

Managing cash flow, prices and access to debt in the higher interest rate environment.

Increasing regulatory landscape.

Cyber Risk Management

The Australian Institute of Company Directors (AICD) Director Sentiment Index consistently finds the topic of cyber security as the number one ‘issue’ keeping directors awake at night.

Insurers are now expecting to see Business Continuity Plans and Disaster Recovery Plans to consider cyber incidents and to show regular consultation and testing of these plans on an annual basis.

Shareholder class actions have been brought against companies arising out of cyber network breaches:

Latitude, the Australian personal loan and financial service provider was one of Australia’s largest data breaches in recent history that impacted over 14 million people from Australia and New Zealand in March 2023.

Medibank in October 2022 where data of approximately 9.7 million of its current and former customers was compromised, and more recently in June 2023 when one of Medibank’s property managers that uses file transfer software MOVEit was compromised. A shareholder class action was launched against Medibank alleging misleading or deceptive conduct, and that Medibank breached its continuous disclosure obligations.

In September 2022 approximately 10 million current and former Optus customers had personal details stolen in a cyber hack and a class action was lodged on behalf of customers who stated their safety had been compromised.

These cyber attacks highlight the size and severity of class action exposures faced by Australian companies and as a result boards of directors are increasingly expected to ensure there are sufficient levels of protection in place to prevent a cyber attack occurring.

Solvency risk

Due to increased inflation rates, deteriorating economic conditions have been seen with the management of cash flow being a prevalent issue.

August 2023 saw the greatest number of companies enter external administration in a given month in over 6 years. Shareholder value is being adversely affected by the higher interest rate environment.

Insurers are applying insolvency and financial mismanagement exclusions on D&O policies and they are becoming more cautious in underwriting methodologies prior to removing the application of such exclusions.

Environmental Social and Governance (ESG)

ESG issues have resulted in many changes to the financial reporting and disclosure obligations for companies. While compulsory reporting and disclosure of carbon and climate emissions either has or is in the process of being introduced in the EU, USA and UK, Australia is on track to introduce mandatory emissions reporting requirements for large companies from July 2024.

With the introduction of these new emissions reporting requirements, it will follow that there will be an increasing amount of ESG data supplied by companies, however, how to measure this as material and relevant when assessing and pricing D&O risk will be a challenge that will follow in the insurance industry.

There is a growing industry of ESG rating agencies, but these are currently US and EU focused therefore there are questions surrounding the effectiveness and validity of the ratings with respect to Australia. As the assessment of ESG risk is in early stages it is expected that in due course the ratings and measurements for assessing D&O risk and underwriting D&O insurance will become clear and validated by evidence.

There have been several ESG cases in Australia over the past year. Two such examples include ASIC’s case against Mercer Superannuation and Vanguard Australia for alleged greenwashing. The number of cases is expected to rise due to increased regulatory scrutiny and increasing numbers of social justice and climate change activist groups. It is thus expected that ESG risks will continue to evolve and be an increasing responsibility for companies and their directors and officers.

In summary, looking ahead to 2024 it is expected that public companies will continue to avail of savings in the D&O market however these will be more modest in comparison to the price drops seen in 2023. It is unlikely that prices will continue to decrease long term however, especially considering the evolving ESG environment, increasing insolvencies, and the increasing regulatory landscape.