Boardroom risk environment set to become more complex

Increased regional and global regulatory activity and the emergence of new risks, such as cyber, are two drivers of this complexity, according to AIG Europe’s head of liabilities and financial lines claims, Noona Barlow. As a result, both boards and risk managers need to ensure they have the understanding to mitigate the challenges that face both public and private companies.

Claims against directors and officers (D&O) have grown considerably since the financial crisis in 2008 – both in complexity and in expense.

“We are seeing more of these sorts of claims and with the added complexity comes expense. In a scenario where claims are made against several directors, due to the potential conflict between them, they will each have a separate law firm representing them. So, the costs of defending those directors, can be

“Whether it is cyber, or something else, boards have to work with their risk departments to ensure that there are robust procedures in place, that their employees are trained, and that the processes are regularly tested and reviewed.”

enormous, particularly if there are investigations and litigation taking place in multiple countries,” Barlow explains.

However, attitudinal research among senior business leaders in FTSE 500 companies (by Ipsos MORI for AIG) found overall levels of concern about potential liabilities among directors and officers has decreased slightly to 69%, down from 79% in 2013.

“Given the global environment that we’re working in, we’re seeing some quite large and some quite expensive targeted multi-country investigations against directors. The regulatory investigations often pave the way for litigation,” says Barlow.

“It is so important that boards are properly prepared for these possibilities and that requires collaboration across the whole risk piece.”

Emerging risk areas

The other factor driving boardroom risk complexity are emerging risk areas, like cyber. “Although we haven’t yet seen any successful D&O claims as a result of cyber breaches, I think everyone believes that it’s coming and this needs to be considered. Events like the recent [Petya and] WannaCry attack highlight the volatility in this area.”

AIG’s research shows increasing discussion regarding companies’ cyber security policy at board level, with 73% discussing more than half the time, as opposed to 48% in 2014.

Given how reliant businesses now are on technology, cyber is something that impacts everyone and Barlow says that in order to manage some of the boardroom risk associated with it, education from the top down is key. Too many senior business leaders (83%) are confident their IT department is able to protect the company from a cyber-attack.

“We know this is often no longer the case and boards need to be thinking about risk prevention more broadly. Whether it is cyber, or something else, boards have to work with their risk departments to ensure that there are robust procedures in place, that their employees are trained, and that the processes are regularly tested and reviewed.”

According to Barlow, this is something all companies could be better at doing, but some boards are much more prepared than others.

“Those companies that we deal with that have actually done scenario testing, not just for cyber but all kinds of risks, fare much better through the claims process. We had a cyber example recently where a customer who was proactive and well-prepared, so that what could have been a disastrous claim for them was resolved in about 48 hours.”

Barlow’s final message is around getting to know your carrier’s claims department. “Clients and risk managers tend to have great relationships with underwriters and never deal with claims people until a claim occurs, but I always encourage clients to get to know your claims people in advance, so that your first dealings with them are not at a difficult time.”