knowledge 5 May 2020 |

COVID-19: The Importance of D&O Insurance in a Crisis

D&O insurance cover is primarily intended to protect directors or former directors where a company cannot or will not provide indemnity out of its own funds. Directors are of course conscious that D&O insurance is important, particularly in regulated, prudential industries or in businesses which operate in the US.  D&O cover is however complex and in addition to the level of cover being a key issue, the small print of policies should be checked as there may be limitations to the protection available.

Potential Risks for Directors in the Crisis:

1. Director duties and responsibilities

A director is subject to his or her duties and responsibilities under the Companies Act 2014 (the “Act”) as well as a range of statutory obligations in other areas of law such as employment, health and safety and data protection. Irish law imposes a number of fiduciary obligations on company directors, including the duties to exercise the care, skill and diligence which would be expected of a reasonable person in the same circumstances and to act honestly and responsibly in relation to the conduct of the affairs of the company. When a company is solvent, director duties are owed to the company itself (see here our recent briefing on directors’ duties and compliance considerations). Directors of listed companies or of companies whose shares are offered for subscription, whether on a stock exchange or not, will need to be aware of the particular and important responsibilities and obligations that they have, including under Prospectus Rules, Listing Rules and Takeover rules. 

2. Shareholder and investor claims

In some circumstances, a shareholder can under Irish law commence legal proceedings against the company where the affairs of that company are being conducted, or the powers of the directors are being exercised, in a manner oppressive to any of the shareholders or in disregard of any shareholders’ interest as a member.  Aggrieved members may also in certain defined circumstances take a derivative action (i.e. an action in the name of the company itself) if the company has been wronged (see here for our recent briefing on derivative actions).

Directors should be cognisant of potential for claims by shareholders and investors alleging mismanagement or negligence by a director in response to the COVID-19 pandemic if loss to the company occurs or indeed if there is a drop in share price (with there being examples of such action in the US already).  There is also likely to be greater scrutiny of all disclosures made regarding the impact of the COVID-19 on the company and such statements should be prudently prepared given the potential for claims of misrepresentation or negligent misstatement against directors.    

3. Breach of contract claims

Force majeure clauses will prove to be critical for businesses encountering contractual problems arising from the COVID-19 pandemic. The wording of specific force majeure clauses will dictate whether they may excuse companies from liability for non-performance.  If not, companies may look to establish that the contract has been frustrated. While it is unlikely that breach of contract in this regard will lead to personal liability for directors and is more likely to arise as an issue for the company, it is an important point for directors to be aware of. See here for our briefing on commercial contracts and COVID-19. 

It is also interesting to note that recent English authority¹ suggests that in that jurisdiction directors of a limited company can, in certain circumstances, be personally liable for inducing a company to breach a contract.  The facts of the case were quite particular, however it is a precedent of potential persuasive value which could be utilised to support claims of this type being made against directors in Ireland.

4. Regulatory enforcement and investigations

Litigation is not the only risk for directors. Many public agencies now enforce corporate responsibilities in Ireland. These include the Office of the Director of Corporate Enforcement, the Competition & Consumer Protection Commission, Health and Safety Authority and the Environmental Protection Agency. Directors in regulated sectors face additional regulatory requirements, which if breached may expose them to personal liability. This remains so in the current crisis and directors in such sectors must remain aware of measures taken by relevant regulators so as to ensure they continue to comply with regulatory requirements, including regarding governance, conduct of business risk, outsourcing and reporting.

Given that this is an evolving and ongoing situation, directors need to be aware of the regular statements coming from regulators, for example, the Central Bank of Ireland, from ESMA and the ECB. See here for our most recent financial services round-up.

5. Financial difficulty

Professional advice from financial and legal experts ought to be obtained by directors where the company is in financial difficulty and indeed if directors do not believe that there is a likely future for their business either during or post this crisis. 

If insolvency becomes a real possibility for the company, the primary focus of the directors shifts away from the company’s members and in favour of the company’s creditors.  Where this arises, directors should take care to ensure no breaches of company law arise as there may be an exposure for directors in their personal capacity where breaches arise.  That said, it is important to emphasise that the law does not penalise directors who act honestly and responsibly at the time a company is in financial difficulty.

6. Cyber and data protection risks

The COVID-19 crisis increases concerns regarding the security of organisations’ networks. As a result of the significant increase in remote working, businesses should be aware of the cyber security risks that come with the increased demand for access to company resources from personal devices and violations of acceptable use and confidentiality policies.

Directors will be aware that under the Data Protection Act 2018, they can be held liable where a director authorised or consented to the acts that constituted the offence or if the act was attributable to connivance or neglect by the director. The potential offences that may arise under the Data Protection Act 2018 include where a processor knowingly or recklessly discloses personal data being processed on behalf of a controller without the prior authority of the controller. See here for our briefing on increased COVID-19 cyber risk and here for our briefing on COVID-19 and data protection.

7. Health and safety claims

As a public health crisis, the COVID-19 pandemic inevitably presents a risk of health and safety prosecution if the appropriate guidelines are not followed. While, in line with guidance from the Irish government, most businesses are currently working remotely, employers who remain open are legally obliged to ensure the safety, health and welfare at work of their employees. The Safety, Health and Welfare at Work Act 2005 (the “2005 Act”) imposes a general duty on an employer to ensure “so far as is reasonably practicable” that the safety, health and welfare at work of its employees is safeguarded. That duty will be interpreted in light of the Health Act 1947 (Section 31A – Temporary Restrictions) (COVID-19) Regulations 2020 which give legal effect to public health guidance on non-essential travel and gatherings of people.

Notably directors can be held liable for various offences under the 2005 Act, where the director authorised or consented to the acts that constituted the offence or if the act was attributable to connivance or neglect by the director.

Comment

Under Irish law a director cannot exclude his or her liability to the company, nor can the company indemnify a director in respect of his her liability to third parties.  Only time will tell the true extent of potential claims against directors emerging from the COVID-19 pandemic. In seeking to mitigate the potential costs of such claims companies should take the time now to consider their D&O insurance policies and assess coverage against the above-outlined potential exposures. Particular consideration should be given to notification requirements of policies and the prompt notice of any claims. In so far as possible, a director should tailor notifications to the requirements of his or her policy to set out in detail why the claim is being made as opposed to a general “COVID-19” reasoning. If renewing a D&O policy, policyholders should pay close attention as to whether their renewal policies purport to exclude claims due to COVID-19. See our briefing here for further information on D&O insurance policies.