One of the hottest current topics in the field of D&O insurance is the question of coverage for costs incurred in connection with regulatory investigations. As discussed in the following guest post from Paul Ferrillo, who is Of Counsel and a senior litigator in the Securities Litigation/Corporate Governance Group of Weil Gotshal & Manges, LLP, these issues are likelier to become even more important as the Dodd-Frank whistleblower rules go into effect.
I would like to thank Paul for his willingness to publish his article on this site. (Paul’s article previsously appeared in Propery & Casualty 360.) I am interested in publishing guest posts from responsible commentators on topics of interest to readers of this blog. Please contact me directly if you are interested in submitting a guest post for consideration.
Here is Paul’s guest post:
Though most in-house risk professionals and in –house corporate lawyers do not exactly relish the opportunity to review their company’s directors and officers (“D&O”) liability insurance policy, the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), coupled with an increasingly active regulatory environment, should cause all companies (especially smaller ones) to consider the scope and breath of their D&O policies. Particularly important under Dodd-Frank is whether and how their policies will cover internal corporate investigations caused by whistleblowers out to recover a bounty (10 to 30 percent) on potential penalties collected by the SEC in excess of $1 million. Should these sorts of complex internal investigations be covered under the Company’s pre-existing directors and officers liability insurance coverage? Here are the considerations, and here are some potential answers.
Scope of D&O Coverage for Corporate Investigations – Then and Now
Before we begin, its probably important to re-emphasize why this question is important. Simply put, corporate investigations set in motion by a whistleblower or regulatory authorities (SEC, DOJ, and/or the states attorney generals), can lead to a whole host of problems for a company and its directors and officers, including: (1) potential fines and penalties, (2) potential criminal repercussions for individuals who are accused of potential wrongdoing, and (3) follow-on civil litigation commenced by the plaintiff’s bar seeking to take advantage of potentially damaging facts that came to light as a result of the investigation. It also goes without saying that internal corporate investigations are expensive to conduct, including not only the associated legal expenses, but also IT expenses as well, which are occasioned by the need to review email and other soft-copy documents that might be relevant to the investigation. A competently handled investigation where no wrongdoing is found may cause regulators to walk away satisfied that the company “did the right thing.” and will many times will add no fodder to the follow on civil litigation A poorly handled investigation can lead to disastrous consequences for all involved, especially the company who has to ultimately “foot the bill.”
Prior to 2011, D&O coverage for certain categories of internal corporate investigations was relatively standard in most primary D&O policies. Individual directors and officers were generally covered (depending, of course, upon the primary carrier and policy form in question) for both informal inquiries and requests for information, and civil, criminal, administrative or regulatory investigations commenced by either the issuance of a Target Letter or Wells Notice, or after the service of a subpoena. The company was almost never covered, except when it was named (along with an individual directors and officer) in a “formal” SEC investigation (and then only when the D&O policy at issue specifically allowed for such coverage). No coverage, at all, existed for the Company for responding to “informal” inquiries and requests for information from the SEC.
The New Threat – More Investigations – More Risk – More Expense
On May 25, 2011, the SEC adopted final rules implementing the whistleblower provisions of Dodd-Frank. Though these rules are somewhat complex, for the corporate risk professional they can be broken down as follows. Dodd-Frank provides that (1) an eligible individual (e.g. an employee of a company), (2) who “voluntarily” provides the SEC (3) with “original information” about a potential violation about a violation of the federal securities laws, (4) that ultimately leads to a “successful” enforcement action, (5) may be entitled to receive a cash award ranging from 10% to 30% of the total monetary sanctions, in excess of $1 million, recovered by the SEC in a civil or judicial action.
Importantly, despite the fact that the potential whistleblower might just have easily reported the potential wrongdoing through the company’s own internal reporting and compliance program, the whistleblower provisions of Dodd-Frank do not require him or her to first do so. Instead, the whistleblower may go directly to the SEC in order to be “first in line” to receive the potential bounty. The new rules enacted by the SEC do give the whistleblower an “incentive” to first report internally by (1) allowing him up to 120 days to report such information to the Commission after he or she first reports internally (and still retain her or her place in line to receive the bounty), and (2) allowing for the attribution to the whistleblower who first reports internally all subsequently reported information reported by the Company following its own internal investigation.
These reporting provisions, along with the monetary incentives of Dodd-Frank present the company at issue with a number of potential challenges: (1) more internal investigations as a result of the clear financial incentives of employees and others to “blow the whistle” (in fact, there are reports already that the SEC has received an increased number of tips (often made with supporting documentation) since the passage of Dodd-Frank, (2) the potential need to quickly perform an internal investigation should the whistleblower report to the Company first (knowing that he or she has 120 days to report to the SEC). Indeed it may be in a company’s interest to self-report to the SEC before the SEC contacts it first, and/or (3) in any event, be ready to perform the investigation upon first contact with the SEC should the whistleblower choose to bypass internally reporting procedures.
Corporate Investigations D&O Coverage Today
Prior to 2011, companies generally had no insurance mechanism to cover a costly internal investigation triggered by a regulatory inquiry. Today that is not the case. One large insurer has created a stand-alone product that potentially covers a company for a wide variety of potential corporate investigations., whether triggered by internal reporting through a company’s internal compliance program (with subsequent self reporting of a potential securities law violation), or triggered by a direct formal or informal written or telephonic communication with the SEC requesting information, documents or interviews. There are rumors that other companies will soon follow suit and provide similar, if not alternative products or solutions, to cover the costs of internal corporate investigations triggered by regulatory inquiries.
A stand-alone corporate investigations D&O policy has a clear advantage for many companies seeking to insure for corporate investigations, and a compelling advantage from the stand-point of a director or officer of a public company. Since it is “stand-alone,” monies spent under an “investigations” policy will not reduce the limits of the company’s pre-existing directors and officers insurance coverage. Simply put, separate dedicated limits for a corporate investigation is the best solution.
If for cost reasons, a stand-alone product is not affordable, but a carrier agrees to attach or “blend” corporate investigations coverage directly into the primary directors and officers policy, the directors and officers should insist either (1) that company only purchase such coverage with a significant “sublimit,” (meaning that only a portion of the primary policy can be used for a corporate investigation), or (2) purchase much higher D&O limits from a “tower of insurance” perspective, knowing that “on any given Sunday” a complex investigation could eat up millions of dollars of the tower. For many companies, it may be a good idea to consult with an insurance broker or advisor that has a high degree of experience in insuring public companies, as they can often help inform and effectuate some of the corporate investigations D&O insurance strategies laid out above.
 A “formal” SEC investigation is one commenced by the issuance of a Formal Order of Investigation by the SEC. Formal orders of investigation can now be issued by the Director of Enforcement of the SEC, or by certain senior officials of the SEC to whom he has delegated such authority. The SEC can also make “informal” inquiries of company’s, seeking both documents and information on specific issues which they are interested in investigating.
 For a thorough review of the whistleblower provisions of Dodd-Frank, see June 3, 2011 Weil Alert: “SEC Disclosure and Corporate Governance: Dodd Frank Update: SEC Adopts Whistleblower Rules.
 In fact, SEC Chairman Mary Shapiro noted publicly on May 25, 2011 in an SEC Open Meeting that “Already, the whistleblower provision of the Dodd-Frank Act is having an impact. While the SEC has a history of receiving a high volume of tips and complaints, the quality of tips we have received has been better since [Dodd-Frank] became law. And we expect this trend to continue.” Refer here.