The past 12 months have been unprecedented on many fronts. Insurance is an important asset that can provide protection for organisations in challenging times and now that the proverbial ‘rainy day’ has arrived, in-house lawyers need to work closely with their risk managers and the business to maximise potential recoveries under the range of policies which may provide protection. This co-ordinated approach is more important than ever given the already challenging claims environment due to the hardening insurance market.
The most obvious risk that most organisations have been grappling with over the past 12 months is the pandemic and its impact. In some cases the impact is the immediate or direct risk, and in others the pandemic has given rise to challenges and work practices that may directly impact other risks. This time last year, we highlighted in this publication that the insurance response to Covid-19 losses may be critical for business, although at that stage few were predicting the extent of the financial impact that has been (and continues to be) felt in the UK and globally. But it isn’t just Covid-19 that is on the agenda for many boards. There are a number of other emerging risks that should be top of mind from an insurance perspective that we explore in this article.
Cover for business interruption?
The role that insurance has to play in the economic losses suffered by many businesses as a result of Covid-19 has received much attention globally. In the UK, the Financial Conduct Authority (FCA) brought a test case against various insurers to determine the extent of cover available under certain common non-damage business interruption wordings which may be included as part of property damage and business interruption (PD/BI) policies (Arch Insurance and others v FCA ). While PD/BI policies require physical damage to trigger, these non-damage extensions allow the policy to be triggered even when there is no physical damage.
Herbert Smith Freehills acted for the FCA in that case representing the interests of policyholders.
The case was seen as a resounding win for policyholders as the impact of the High Court and Supreme Court judgments was that the majority of clauses which were considered in the case did provide cover for the business interruption caused by Covid-19. This is welcome news to policyholders that have suffered loss of business as a result of the pandemic and the government lockdowns.
The key thing now for corporates who have suffered loss of business due to Covid-19 is to check their PD/BI policies to ascertain if they have cover or not. Where there is cover, it is important (as with all claims) to ensure claims are notified in accordance with policy terms. Whilst there will be issues still to be resolved – aggregation and the calculation of quantum being just two examples – the result of the test case should mean that there are fewer hurdles to overcome.
Of course the Supreme Court did not look at every policy wording and a number of particular clauses were not tested. However, this does not mean that other wordings do not provide cover so it is important to check your policies.
In addition, some issues not looked at by the Supreme Court have since been examined in other cases – for example, the case of Rockliffe v Travelers  considered a ‘closed list’ disease clause with a list of specified diseases that did not include Covid-19. The Court found that such a clause did not provide cover for Covid-19 losses. There will no doubt be more case law to come. The important thing for organisations now is to undertake a careful review of potentially relevant policies and take steps to preserve any coverage position.
Wider implications of the FCA Covid-19 test case
As the most significant insurance coverage case of the last decade, the FCA’s test case also has wider implications for insurance buyers. In particular, a key finding of the Supreme Court was that the case of Orient Express Hotels v Assicurazioni General  was wrongly decided. This has consequences, in particular, for business interruption cover in the context of natural disasters or ‘wide area damage’ events. Previously the case of Orient Express meant insurers could factor in devastation to the area surrounding the insured asset when assessing the level of business interruption losses covered by a policy arising from risks affecting wide areas such as floods, hurricanes and fires. This meant, for example, that if a hotel suffered damage and loss of revenue as a result of a hurricane, the insurers could rely on the fact that the business revenue would have suffered in any event due to the devastation to the surrounding area in order to reduce the loss recoverable under the policy. That is no longer the case following the Supreme Court’s ruling in the test case. However, it may be that insurers look to include express wording to reinstate to some extent the position as it was under Orient Express and so policyholders should look out for proposed changes to policy wordings in this regard. This is particularly pertinent for those organisations with property and assets in areas of the world at greater risk from natural disasters.
It is rare to have one set of circumstances giving rise to so many insured losses globally. History shows that when such circumstances happen insurance case law gets tested and developed. The closest analogy probably being the financial product mis-selling cases or the Lloyd’s of London near collapse in the 1990s. Much of the current law on aggregation of deductibles and limits at both the insurance and reinsurance level developed from these events – we predict that there will be a similar spate of coverage litigation that policyholders will need to keep on top of.
Emerging cyber risks
In recent years cyber has become a key business risk, and that has been accelerated by the Covid-19 pandemic increasing reliance on technology and providing opportunities for cyber criminals to take advantage of changing circumstances.
Cyber incidents can give rise to a wide range of losses. Some of these losses may be covered under a cyber-insurance policy (such as incident costs, loss of profits, ransoms and data breach claims/investigations). Others may be covered under a range of other policies (for example, crime cover for ransoms, directors and officers liability (D&O) cover for regulatory investigations and shareholder action, and professional indemnity cover for customer claims). Some cannot be insured (such as Prudential Regulation Authority (PRA)/FCA fines) and some are difficult to obtain cover for (such as reputational damage or loss of IP). Thus, to protect the corporate balance sheet (and, for individuals, their personal assets) care must be taken to understand how the company’s cyber exposure maps onto its insurance programme. The legal team can be a key contributor to and sponsor of this analysis.
Ransomware is a particular issue for businesses just now. Attacks can be very sophisticated and ransom demands are often set at levels which make it tempting to pay or are targeted at companies with insurance. But payment can in some circumstances be illegal, eg by reason of breach of sanctions or anti-terrorism laws, and insurance policies may not respond where legality issues arise. The legal team may need to advise quickly on ransom payment legality and insurance response, not least as these will be factors in pay or not pay decisions.
The scope of cover available for cyber risks is also in flux. Pursuant to regulatory pressure, insurers are incorporating new terms affirming or excluding cyber risk into policies, which can narrow or complicate the cover. Fully understanding the implications of these changes is easily overlooked but could be very important.
So what’s the practical lesson? Put briefly, the more that can be done to map out insurance coverage for cyber perils, and build insurance considerations into incident response plans, whether those of the business or bespoke to the legal team, the better the chances are of securing recoveries down the line: and that, after all, is what the business has paid its premium for in the first place.
Directors and officers’ cover in a hard market
D&O insurance is a core protection for directors (and other insureds) but buying such insurance is challenging at the moment, due to a combination of price escalation (as D&O had been sold too cheaply for too long) and difficulties buying enough cover due to loss of market capacity (due to factors such as insurer consolidation).
However, not buying protection is not an option for many businesses if they want to attract talented management. D&O risks continue to develop due to new regulation and technological, societal, regulatory and environmental change. In parallel, the legal landscape is developing with trends in certain types of claims, including regulatory action and shareholder actions. Particular areas of focus for regulators and shareholders alike may include operational resilience, environmental, social and governance issues (known as ESG) and non-financial misconduct (including behaviour such as bullying, harassment, sexual misconduct and discrimination). The legal team can assist by examining the businesses’ legal risk exposure (which may be different between say a financial services firm and a manufacturer), and ensuring that those buying the policy have this clearly in mind. That will be important so as to understand, for example, the impact of insurers seeking to take steps such as narrowing cover for regulatory events or imposing potentially problematic exclusions (eg cyber exclusions or securities exclusions).
Perhaps the most serious risk, however, is the potential for further waves of corporate insolvencies due not least to the ongoing impacts of Covid-19 and the lifting of government support. This could deprive directors of corporate funding to defend claims, so ‘Side A’ D&O cover for directors personally can be crucial.
Given the placement challenges, businesses are increasingly looking at alternative options. These may range from restructuring the programme to buy Side A cover only or setting up captives to provide insurance cover for the company within the programme (or to provide reinsurance cover for external market fronting insurers). Other options include offshore protected cell companies or offshore trusts. Similar challenges arise in each case, including capitalising these vehicles, complying with company law restrictions on indemnifying directors, ensuring that the assets are ring-fenced in the event the company goes insolvent, and ensuring that claims payment decisions cannot be influenced by the company. It will be imperative that the company (and directors) have appropriate legal input to ensure that these structures work as intended if and when called upon.
M&A activity is of course continuing notwithstanding the pandemic and for some it affords significant opportunities. That may mean in some instances the acquisition of distressed asset or share sales, with the inevitable time pressures and reduced diligence that entails.
Even without Covid-19, the use of Warranty and Indemnity (W&I) insurance to back M&A transactions was continuing apace. While it started as a tool for UK real estate deals, it is not now unusual to find it used in global M&A, energy and renewables deals. In the most typical structure the seller limits its liability (often to £1 or similar) and the buyer relies on a claim against the W&I insurers who stand behind the seller warranties, subject to additional warranty qualifications and the terms, conditions and exclusions of the policy. Claims inevitably lagged behind placements but were very much increasing before the pandemic, and that trend will no doubt continue.
Those looking to use W&I insurance for transactions with limited diligence may find the cover reduced. It is therefore in a buyer’s interest to interrogate risks of the deal so far as possible, and there may well be a trade-off between acting quickly and the extent of W&I cover. On placement, there are many insurers in the market, and it pays to carefully consider the detail of non-binding indications and consider the quality of cover, likely exclusions and ability of the insurers to match transaction speed as well as premium.
The key points to keep in mind in respect of claims are that, just as a seller would test any allegation of breach of warranty, so will a W&I insurer, but with the added complication that they will have underwritten the deal in days or weeks, and will not have lived with the business for years before. Accordingly it is essential that any W&I claim is project managed from the outset – to notify in compliance with the policy, collate and present what may be very detailed evidence, constructively and appropriately address the insurers’ requests (which can in some instances be quite wide and protracted), preserve all necessary third party claims, and assess and explain what may be complex issues of valuation.
The better the wording and diligence supporting the deal, the less hurdles there should be to overcome, but in all cases investment is needed to secure prompt payment.