Directors to face increased personal responsibility in audits - time to review your D&O

Recent significant financial failings at major UK companies has led to a renewed focus on auditors and directors of large entities.  Accountability of individuals has been a key topic in modern corporate governance, and the government’s latest audit proposals^[1] are tinged with that theme.  In this article, we explore the current state of the reforms and the impact on Directors & Officers (“D&O”) insurance.

As and when the regime changes, directors with additional responsibilities will be anxious to understand whether newly created liabilities will be covered by D&O, and changes needed to policy wordings if they are not.  Breach of director duties to the company can lead to shareholder actions, and prosecution services and the Insolvency Service have powers of criminal enforcement and director disqualification respectively. Will the new regime raise additional concerns?

The short (and clear) answer is “yes”.  The newly created Audit Reporting and Governance Authority (replacing the Financial Reporting Council) will have increased powers to enforce breaches; there will be a new civil enforcement regime; and directors will face personal fines for breaches.  Bonus clawback is also on the table. 

No hiding for private companies

Whilst the attention grabbing headlines have focussed on public companies, like BHS, Carillion and Patisserie Valerie, the new audit proposals will apply to any company with more than 750 employees and £750m of turnover.  Large private companies (and their directors) will, therefore, be front and centre in this particular battle in the war on governance failures.

Additional director responsibility

Much of the burden will fall on directors to confirm that internal controls are sound, and to identify and prevent fraud risk.   Changes to the UK Corporate Governance Code are envisaged, external assurance on reporting of internal controls may be required, and there will also be guidance on the auditing of key information outside of company financials, including cyber resilience and ESG.  So how should directors prepare?

Directors & Officers – key considerations

Plainly, there will be a number of prevention tools in the armoury of company boards, and fulfilling obligations and avoiding breaches will be the aspiration.  However, mistakes happen, and a director finding themselves in the crosshair of an enforcement body will need the comfort of a comprehensive insurance policy.  So what are the key D&O issues to consider?

• Insurability of fines and penalties – the $64,000 (or often much more costly) question.  FCA fines are not insurable as a matter of law.  The insurability of other civil or regulatory fines is less clear (and context specific) and will be something to keep under review as the new audit regime is refined and implemented. 
• Investigations trigger – ensure your policy covers regulatory investigations in full, and does not sublimit the cover.  Even if fines and penalties are not insurable, costs of lawyers should be (and appropriate legal advice will be essential to reduce or avoid any financial penalty).
• Limits of liability with adequate depth – a D&O policy covers multiple individuals.  In a significant investigation, with conflicting interests, and multiple legal firms appointed, the well of policy limits can soon run dry.  Adequate resources to cover a multi-pronged investigation (which may take years to resolve) is essential.  Reinstatements or ring-fencing of limits, or additional limits for non-indemnified loss, can all help provide adequate cover in a more cost efficient manner.
• Beware broad dishonesty exclusions – previous BEIS press releases have used emotive language as to director “lies” regarding firm finances^[2].  Whilst some of this may be political rhetoric, there is an interesting intersection with the dishonesty exclusion in D&O policies if regulators push accusations beyond mistakes and into wilful misconduct.  The relevant exclusion must be restricted as far as possible, so that legal costs are covered unless and until there is a final non-appealable finding of dishonesty.

Timetable and impact on insurance

Indications from 2021 were that the Audit, Reporting and Governance Authority (which will replace the FRC) would become effective in the first half of 2023^[3].  However, firm commitments to dates have been hard to find, with the Chartered Institute of Internal Auditors writing to the government late last year to demand a timetable^[4].  As things stand, therefore, there is a great deal of uncertainty on when directors will come under new duties.

So does that mean the insurance wording can be left as it is until we know more?  The short answer is “no”.  Expansion of insurance policies (and the coverage available) cannot always be timed with the introduction of new director obligations.  Policy wordings may have retracted during the harder market, with insurers more able to call the shots.  The challenge in the current market is to take advantage of the more favourable conditions and anticipate the audit changes such that, when they are implemented, you and your directors are comprehensively covered.