DOJ to Directors and Officers: Speak Up About Misconduct or Pay the Price

Investigators at law enforcement agencies are showing ever more appetite for the scalps of directors and officers to adorn their investigations on corporate crimes.
By: | April 24, 2019

Struggling to convince your board to boost the insurance budget? Try arguing that a comprehensive risk transfer program could come handy if directors receive that most dreaded phone call: an invitation to have a coffee at the United States Department of Justice (DOJ). Or at the U.S. Securities and Exchange Commission. Or the Commodity Futures Trading Commission.

According to experts, investigators at law enforcement agencies are showing ever more appetite for the scalps of directors and officers to adorn their investigations on corporate crimes.

The process of underwriting insurance policies can strengthen the case defense attorneys make when they argue for the innocence of clients in white-collar prosecutions.

Internal Controls and Assessing Risk

The role played by insurance, in this situation, is to certify that a company had the right internal controls and compliance systems in place when the alleged crimes took place. During the process of selling certain coverages, insurers are supposed to take a close look at a client’s internal controls before taking the risks.

“Policies such as D&O and E&O can provide arguments to directors’ defenses in court cases,” said Bill Leone, the head of the New York white-collar practice at Norton Rose Fulbright, the law office.

Rob Yellen, D&O and fiduciary products, Willis Towers Watson

“Companies should therefore have comprehensive insurance programs in place.”

A similar reasoning goes for emerging risks faced by directors and officers such as fines derived from cyber attacks, an emerging threat due to the reporting obligations created by data privacy legislations in the U.S. and abroad.

“If a company has a good record on implementing a culture of compliance, anti-bribery and other good practices, the enforcement authorities will be far less likely to punish it,” said Rob Yellen, an executive vice-president, FINEX North America, at Willis Towers Watson.

“If it has a good process to manage privacy and data, but data is stolen anyway, it can mitigate the risk of a big fine,” said Yellen.

Mitigating Misconduct Within the Company

Timothy Treanor, a partner at the Sidley law office in New York, stressed that even though executives are sometimes prosecuted for engaging in criminal conduct, the most common reason why they are taken to the courts by the DOJ and other agencies is a failure to prevent misconducts within the company.

To protect themselves from this sort of accusation, they must press the company to implement an efficient and well-design compliance program. If that is the case, and rogue behavior still occurs in the company, they can argue in court to have done all they could to prevent it.

“Sometimes there are red flags about misconducts that officers and directors see, but they do not do enough about it. At some point, it can cause them to come into scrutiny during an investigation. That is where problems happen most often for officers and directors,” Treanor said.

“If the company has a compliance program that aims to prevent misconducts from happening, and when they happen, to identify, stop and fix the problem, directors and officers are in a good place.”

The argument tends to be more convincing if it is reinforced by a positive assessment by independent third parties, like auditors that issue COSO certifications and specialized law officers.

Carriers that provide D&O and E&O insurance are also supposed to have a good grasp of a client’s compliance systems and internal controls. If they accept the risk, it is because they feel comfortable with the arrangements made — a factor that may not be lost to the authorities.

“A good lawyer will take a look at anybody that can provide an external view of the compliance program of their clients,” Treanor said.

Looking at Other Potential Risk Areas

Depending on the policy, insurers will want to know all about the measures adopted by companies to prevent D&O and E&O risks such as securities class actions, sexual harassment and bribery.

Similarly, cyber carriers will assess how comprehensive are the company’s cyber security systems.

Increasingly, carriers are worried about how companies deal with information collected from customers and business partners, as data privacy fines become more common and their clients demand that they are covered by cyber and D&O policies.

Nir Kossovsky, the CEO of Pittsburgh-based Steel City Re, said that the growing number of white-collar prosecutions is also driving demand for reputation harm coverages. These products involve a thorough analysis of a company’s governance structure and the way it deals with topics such as the environment, social issues and corruption, which can have an impact on its brand image.

“Our coverage enables the company to legitimately separate the board and the company itself from the misdeeds of rogue operators,” he said. “After all, we are a third party that not only evaluates their governance systems, but we also feel good enough about them to take the risk.”

In the opinion of Priya Cherian Huskins, a partner at brokerage Woodruff & Sawyer, the process is more important than the actual policy or the certification obtained by the company.

She noted the government reserves itself the right to go through the company’s internal controls with its own resources. But the effort made by the company to assuage the underwriter’s concerns can go a long way towards meeting eventual demands by prosecutors.

Nir Kossovsky, co-founder and chief executive officer, Steel City Re

She warned, however, that this is only true if the insurance partner is really willing to make a thorough assessment of the client, which, for its part, must be up for a comprehensive diagnosis of its governance systems.

“The quality of insurance carrier underwriting will differ depending on the size of the company and other factors,” she said.

“Smaller companies may look for D&O coverages without very much conversation about internal control procedures. By contrast, bigger companies have bigger risks, and they may want to talk about internal controls and procedures in order to make insurance carriers comfortable to ensure them.”

“The quality of insurance carrier underwriting will differ depending on the size of the company and other factors.” — Priya Cherian Huskins, partner, Woodruff & Sawyer

Also, in a competitive market where pricing is an issue, more aggressive carriers may be willing to take risks without making too many questions, so it is important to chose insurers with a strong reputation in the marketplace.

“Carriers are going to ask different questions, depending on how they underwrite risks. Especially on D&O liability, there is no one way of doing it,” Yellen said. “But if you have a good story and a strong process, it will help the underwriter to be more comfortable with the risk.”

The DOJ’s Shift on Emphasis

In any case, company’s bosses might be sensible to the argument that insurance can increase their security against lawsuits, as the risk of white-collar prosecutions is an ever more present factor in the corporate world.

In 2016, the DOJ issued a policy, known as the Yates Memo, that enshrined a long-existing approach by law enforcement agencies to go after executives for their responsibility for criminal acts committed by members of their companies.

The policy was softened during the Trump administraion by the DOJ, as deputy attorney general Rod Rosenstein relaxed some of the disclosure obligations that companies have to meet when they collaborate with investigations. The DOJ has also taken measures to avoid that different agencies pile on a case when a company is investigated irregularities.

But law experts say the risk of directors and officers being taken to courts by the DOJ, the SEC or others should still be firmly on risk managers’ minds.

“The Rosenstein interpretation certainly reduced the exposure of directors and officers to the Yates Memo,” Huskins said. “But it remains the case that directors and officers must be vigilant that they have systems in place that are designed to stop criminal behavior.”

In fact, the DOJ reported that white-collar prosecutions increased by 3% in 2018, as it charged more than 6,50 defendants.

A more aggressive program to financially reward whistleblowers who sing to the authorities should keep the pipeline busy. Last year, two individuals received $27 million each for denouncing irregularities in companies, total payments to whistleblowers were higher than all previous years combined.

“Directors have always been exposed to prosecutions, even before the Yates memo,” Leone said. “It is only the DOJ’s emphasis that has changed in recent years.” &

Rodrigo Amaral is a freelance writer specializing in Latin American and European risk management and insurance markets. He can be reached at [email protected].

More from Risk & Insurance