Miriam Wrobel is Senior Managing Director and Global Leader, and Tegan Louw is a Senior Consultant at FTI Consulting. This post is based on their FTI memorandum.
Litigation, regulation, and activism around ESG topics are increasing. There is a growing expectation that organizations will be transparent about their ESG programs and risks while working diligently to improve their organizations’ performance.
As the global business environment moves toward increased transparency and scrutiny of leaders’ oversight, executives are being held accountable for their organization’s ESG strategy and implementation. So, it is unsurprising that ESG factors and governance of key ESG topics are considered by underwriters when underwriting Directors and Officers liability insurance (D&O).[1] In fact, companies that ignore key ESG risks or lack oversight are at risk of not being able to secure favorable terms for D&O insurance in the future or may find themselves uninsured when an incident occurs.[2]
What is D&O Liability Insurance and Why is it Important?
D&O liability insurance indemnifies senior management and board members against personal losses if they or the company are sued for alleged breaches in governance oversight. D&O insurance provides indemnification for associated lawsuits, investigations, damages, and settlements should they be found liable. The cover typically excludes fraud, criminal offenses, intentional acts or wrongdoing, and losses associated with reputational damage.[3] All major organizations carry D&O insurance, as it is essential to attracting and retaining top-tier management teams and boards.
Key ESG Risks Affecting D&O Policies
Those trusted to lead organizations are expected to understand the key risks and opportunities facing the company. While traditional risks have longstanding management processes in place, many of the risks that fall under the umbrella of Environmental, Social, and Governance have little, or less mature, oversight. For example, management is now expected to reduce the impact of company operations on the environment today, predict and mitigate the impact climate change will have on operations in the future, reduce the probability of an increasingly imminent cyber-attack, retain human capital and promote diversity, equity and inclusion (DEI). How management oversees and mitigates these risks is an important factor for insurers when offering their capacity to underwrite an organization’s D&O coverage.[4]
Key Risks
Greenwashing
Directors and officers are also ultimately responsible for the alignment between the company’s statements and its actions on ESG topics; when actions don’t align with what has been said, this is broadly referred to as “greenwashing.” Greenwashing can include overstating goals, having insufficient strategies to achieve goals or using one product as a benchmark for an organization’s commitment to sustainability. Greenwashing often leads to regulatory action, litigation, and potential long-term reputational damage.
As companies make more ambitious ESG commitments, public statements, and advertising that touts environmental and social benefits, greenwashing allegations will rise, which could result in a wave of action against corporate leadership teams.[5] Traditional D&O policies typically do not cover losses associated with intentional misrepresentation, but there is a gray area for misaligned statements that management should have known about. If insurers can prove directors knew that goals were unobtainable or that inaccurate statements were made, insurers might repudiate indemnification under the D&O policy. In the long run, failure to show good ESG oversight to insurers will likely limit an organization’s ability to obtain coverage from insurers.[6]
Climate
Climate change has led to increased stakeholder interest in an organization’s carbon footprint, the company’s long-term impact on the planet, and the changing planet’s impact on the company. Pressure from investors, supply chain partners, and governments both to improve practices and to disclose data around a number of E, S, and G factors means that companies are often required to understand and report on their carbon footprint and that of their supply chains, the climate risks facing their business, and related topics like water, waste, biodiversity and nature. The sudden increase in reporting on these topics leaves organizations vulnerable. Directors who inaccurately report or overlook climate and environmental risks may be held personally accountable for the resulting financial setbacks.[7]
Diversity, Equity and Inclusion (DEI)
The Social aspect of ESG includes diversity, labor standards, human rights, community relations, and other issues related to how a company treats its employees, the people in its supply chain, its customers, and broader communities. As DEI continues to be a priority for organizations, companies are increasingly under external scrutiny and at risk of employee action if internal actions do not align with corporate goals. Failure by directors and officers to address discrimination or their own involvement in such practices may lead to litigation. DEI-related litigation is on the rise and can occur for a number of reasons, ranging from misleading statements on commitments to DEI or failure to address diversity among both employees and board members through to “allegations of violations of the Securities Exchange Act that led to shareholders’ making investments as a result of diversity claims.”[8] D&O policies often do not have exclusions around DEI issues, but organizations should expect underwriters to want to see proof of a company’s commitment to DEI and governance protocols around it. However, D&O policies generally contain exclusions for intentional acts or wrongdoings and losses associated with damages to corporate reputation, both of which could arise from intentional violations of DEI initiatives and mandates.[9]
Cyber
Cyber risks and data breaches are already key risks on an organization’s risk register, driven by high-profile data breaches and cyberattacks. The risk of a cyberattack is a continually evolving threat, and most organizations see cyberattacks as unavoidable and thus have robust cyber incident response plans in place. Cybersecurity is an important topic in any corporate ESG program and is a key responsibility of management. If directors neglect to establish suitable reporting, cybersecurity measures, data protection controls and processes that align with documented practices, they risk violating their fiduciary responsibilities to the company and its shareholders, which could result in a loss of indemnification from both its cyber and D&O policies.[10]
The Solution is Governance
Across the four risks highlighted, one common theme prevails: managing D&O risk and ensuring a company can get sufficient D&O insurance requires a sound approach to governance.[11] Good governance frameworks provide structure for decision-making, accountability, and oversight within an organization. Good governance of ESG topics means that a company is aligned on the purpose and value of its ESG program and develops objectives that align with them. It requires that the organization assembles the expertise and management to hold stakeholders throughout the organization accountable for delivering its ESG objectives and reporting ESG-related risks and opportunities with accuracy and transparency.
Robust ESG programs coupled with honest, transparent reporting have been shown to allow organizations to obtain favorable D&O insurance terms. Insurers will be looking for robust oversight of ESG risks, a comprehensive ESG program that accurately reflects the company’s values and commitments and, in many cases, will reference a company’s ESG ratings to gain an overall perspective of the organization’s ESG performance.[12]
A successful ESG program is authentic, grounded in data, and aligned with the company’s overarching strategy and stakeholder priorities. It will provide assurance to stakeholders, including underwriters, that the company consistently manages ESG risks and opportunities. Organizations can look to external advisors to help build, communicate, report and execute on a strong ESG strategy.
“More insurers see the connection between good ESG risk management and fewer or less severe D&O losses and are willing to recognize those with superior frameworks with better coverage”— Paul Denny, Global Financial and Professional Liability (FINPRO) Practice Leader, Marsh Specialty
Often, insurers use company ESG ratings to gain an understanding of an organization’s overall commitment to its ESG and sustainability policies. An example would be the MSCI ESG Ratings, which aim to measure a company’s management of financially relevant ESG risks and opportunities. The ratings use ESG policies and performance across key ESG issues, including carbon emissions, human capital and cybersecurity, to help stakeholders understand a company’s ESG risks and opportunities.[14] Expert consultants can help clients understand the rating process and engage the rating agency to understand rating improvement opportunities. This enables the company to identify areas of improvement but also ensures the organization receives credit where credit is due from external stakeholders, including underwriters.
2 “ESG to drive a new wave of D&O liability”, Zurich, (August 30, 2022)
3 “What is D&O Insurance? Learn more about Directors & Officers insurance”, Allianz, (June 2022)
4 “Use These 5 Tips to Build a Compelling ESG Story in Today’s Evolving D&O Market”, AON, (February 2023)
5 “Greenwashing is an Emerging Risk for Directors and Officers”, AON, (September 2022)
6 “Building D&O insurance coverage to respond to ESG threats”, Marsh, (December 2021)
7 “How Climate Litigation Is Affecting D&O Liability Insurance”, Mehaffy Weber, (September 2023)
8 “Managing D&O Risk in the Era of ESG and DE&I”, AMWINS, (November 2023)
9 “D&O coverage for DEI-related ESG claims”, Reuters, (February 2024)
10 “Worlds Collide: Directors and Officers Liability and Cyber Insurance Policies Confront New Overlapping Issues”, Gallagher Re
11 “Fights over ESG goals may lead to D&O claims”, Business Insurance, (May 2024)
12 “Quantifying ‘ESG’: the consequences for D&O insurance”, Lockton, (April 2023)
13 “More D&O insurers willing to offer better coverage to businesses with robust ESG frameworks”, Marsh, (June 2022)