Boards Beware: Regulatory Uncertainty has Created a Management Liability Pressure Cooker
Pressure and uncertainty are building within the regulatory environment, and businesses of all sizes are going to have a harder time complying with state, federal and foreign rules, especially as they relate to cyber security.
According to Tom Iorio, Management Liability and Specialty leader at Nationwide, regulatory change began to progress rapidly after the 2008 financial crisis and has been further accelerated by more recent trends.
“The financial crisis sparked a public outrage at all financial institutions, which made them a popular political target. That created a very heightened regulatory environment, especially with regards to the financial and securities markets,” he said.
But it’s not just banks, brokerages and hedge funds that are at increased risk. Other political, societal and judicial developments have converged to drive a shift toward closer oversight for several industries. As a result, compliance is becoming a bigger line item for companies in every sector.
Management liability insurers have responded to these exposures by raising rates, but working closely and transparently with underwriters can help companies manage their exposure as regulations continue to evolve.
The Creation of a Regulatory Pressure Cooker
Various factors are responsible for today’s regulatory tumult.
Election cycles are one driver that always injects a degree of uncertainty into the regulatory future. Whether the proposals are for rollbacks, tighter control, or new regulations altogether, every campaign season comes with the potential for new compliance challenges.
“In 2016 and again with the upcoming 2020 election, senators were calling for regulation of industries that have never been regulated before, most notably internet and social media industries. Google, Facebook, Twitter and other tech and media companies that have significant public influence are under intense scrutiny,” Iorio said.
The Mueller investigation has heightened awareness of how foreign bad actors can use the cyber realm to conduct espionage and sow discord, supporting arguments that the government should oversee how foreign entities use and do business with U.S. tech and media companies. Information security and ethical use of social media are driving state efforts to constrain this frontier. California’s Consumer Privacy Act and the New York Division of Financial Services’ cybersecurity regulation are two examples.
In addition to state laws, which can often be ambiguous or unclear, companies also must comply with foreign regulations like the GDPR, or risk incurring significant fines. This is true for virtually any organization that does business online. While there is no U.S. federal cyber regulation currently on the books, every election year renews interest in the topic and creates a lingering sense of uncertainty.
Outside of the politics of cyber regulation, a growing sense of protectionism is also amplifying regulatory scrutiny of mergers and acquisitions with global firms.
“The Committee on Foreign Investment in the United States is paying closer attention to any foreign entities seeking to acquire or merge with a U.S. company. They review potential security risks posed by foreign investment in the U.S.,” Iorio said.
“In the current political environment, the pressure is there to protect U.S. businesses and U.S. jobs. But it does make it more difficult for a U.S. company to expand internationally via merger or acquisition.”
Judicial rulings play a part as well. The Supreme Court’s CYAN decision, for example, will likely drive more class-action lawsuits under the Securities Act of 1933, as it effectively allows plaintiffs’ attorneys to forum shop parallel cases in the most favorable jurisdictions.
Ultimately, these events and trends together make compliance more confusing and more expensive. Noncompliance could mean severe fines from regulatory agencies, while a subsequent drop in stock value could spark shareholder lawsuits and ouster of senior management.
“A lot of regulatory and privacy issues are subject to fines and penalties. This could be per person, per violation. Eventually it could add up to millions of dollars. Currently, securities class actions are probably double the rate that they were several years ago,” Iorio said.
These severe financial consequences are impacting the professional liability insurance market as well.
Underwriters React to Increased Risk by Digging Deeper into the Details
While regulatory fines and penalties typically are not insurable, their repercussions for directors and officers do raise coverage concerns.
“When you look back at the financial crisis, there were billions of dollars of penalties and class action claims. While the penalties were generally not covered by insurance, many of the allegations contained in the class actions were covered. Such class actions are a driver of losses and we think this higher frequency needs to be priced into the market,” Iorio said.
Results in the D&O market have been under pressure since roughly 2014: loss ratios are up approximately 15 to 20 points, and pricing is beginning to firm after a decade of declining rates. To properly underwrite the risk going forward, underwriters will have to get much more granular in their assessment of clients’ risk profiles and account for the increased frequency of securities class action (SCA) filings.
“Underwriting requires accounting for a company’s past, present, and future — factoring in what new regulations might impact their business in the coming policy year. It’s imperative that underwriters take a deep, deep dive into how a company handles all of these issues that impact regulatory risk,” Iorio said.
That means examining every detail of their operations that could potentially fall afoul of evolving regulations. Are they selling products online to GDPR-protected customers? What type of consumer data do they collect? How do they store it? Do they have business contracts with foreign entities? Do they use any automated machinery? What do their audit processes look like? How frequently do they meet with regulators and what’s the status of that relationship?
“Another layer to look at is how the company presents itself to shareholders. What statements have they made about their operations and their financial health? What about any losses they’ve incurred? Regulators will look to see if the company properly disclosed all of its risk factors,” Iorio said.
Given the complexity and constant change of regulatory risk, it’s in insureds’ best interests to be as open as possible with underwriters to stay ahead of emerging exposures. Building a relationship also can help to maintain stable pricing if rates suddenly rise.
An Insurer Positioned for Stability Through Change
At Nationwide, face-to-face meetings with clients are all but mandated, and they take place well before renewal.
“We share ideas back and forth, we let them know what trends we’ve seen in their industry, they let us know what’s happening in their industry. We’re both looking out for each other — we can’t write effective coverage without full visibility into their business, and they can’t always fully understand how developing trends impact their risk without our high-level insight,” Iorio said.
Transparency and honesty help to foster long-term, collaborative relationships, which are absolutely critical in times of change and uncertainty.
“We understand that things will happen even when a company is doing its best. The regulatory environment can change quickly. But we’ll still be there. If there is a claim, we work through it together and move forward,” Iorio said.
An insurer’s stability and financial strength, of course, are also critical to a successful long-term relationship. Nationwide’s A+ rating and balanced book of business demonstrate its ability to weather market changes. “We have our P&C side and our financial side, so if the market is challenging on one side, we have the other to balance it out. That creates a strong and stable business,” Iorio said.
As a mutual company, Nationwide also isn’t subject to the pressure of the quarterly earnings call.
“We don’t have to worry about people asking, ‘What’s your revenue this quarter?’ Instead they want to know ‘Is the business running well? What’s the market doing?’ And if it’s not cooperating, we try to be a little conservative. When it is cooperating, we’ll be a little more aggressive. We view the relationship we have with our Insureds as a long-term partnership,” Iorio said.
Visit https://mls.nationwideexcessandsurplus.com/fs/ for more information about our superior risk management solutions.
To learn more about Nationwide’s Financial Institution risk management products and services, visit https://mls.nationwideexcessandsurplus.com/fs/products/financial-institution-liability/ or contact Thomas Iorio, senior vice president, at 1-212-329-6906 or [email protected].
Speak with your agent or broker about specific policy details and coverages. Consult your policy’s terms and conditions for specific coverage information.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.