D&O liability insurance policies protect “officers.” But who is an officer? This is a question that insurers and policyholders have struggled with for years. More recently, questions about various new corporate roles and titles have emerged. In the following guest post, John Orr, D&O Liability Product Leader for Willis’s Financial and Executive Risk practice (FINEX), North America, examines the perennial question of who is an officer and proposes a new approach to the issue. The author wishes to express his thanks to his colleague, Lawrence Fine, for his the work they have done together on these issues. This article also appears in Willis’s FINEX Observer publication (here). I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
*************************
D&O insurance, by design, broadly protects corporate officers and directors against claims alleging “Wrongful Acts,” which term itself is defined to encompass just about any actual or alleged wrongdoing in that individual’s official capacity. Perhaps in that vein, the policy’s definition of “Director and Officer” has historically been worded with a degree of ambiguity. Policy language referring to “duly elected or appointed” individuals, for example, provided enough flexibility for both insurers and insureds. But that flexibility is now being tested by evolving corporate structures and expanding executive roles.
As new corporate titles emerge – especially in areas such as cybersecurity, artificial intelligence, compliance, and sustainability – requests for clarity are becoming more frequent. It’s true that, in public company D&O policies, all organization employees are “Insureds” for purposes of “Securities Claims” and, in some instances, when they are named contemporaneously in a claim with a director or officer, but rarely otherwise.
The traditional approach may no longer be the most suitable long-term solution. We should consider adopting a more functional, sustainable, and reliable solution as to who qualifies as an “officer” for purposes of coverage.
Definitional approaches to date
D&O policies have long included broad coverage grants to “Insured Persons,” including “Directors and Officers,” traditionally defined as “duly elected or appointed” officers and directors. A minority of US policies have dropped the “duly elected or appointed” condition altogether. With either approach, the intent may have been to align coverage with individuals who, under different state corporate laws or governing documents, are treated as directors and officers within their organizations. This circularity (an officer is an officer) has allowed companies and insurers to maintain flexibility across different governance structures and jurisdictions.
The model worked when corporate hierarchies were relatively simple and most officers fell into defined categories, such as CEO, CFO, COO, and General Counsel. In loose terms, most US-based D&O professionals considered “officers” to be C-suite level, Section 16 officers, with there being little or no controversy surrounding that description.
Some policies, particularly those issued in London and, to a lesser degree, the US, open up the definition of “Director and Officer” to include a longer list of individuals, such as de facto, shadow and observer directors. Specific to officers, the definition may extend to anyone in a management or supervisory capacity. In regions outside the US, these wordings are customary and have not given rise to any notable coverage adequacy concerns.
The challenge: new roles
In recent years, companies have been approaching their brokers for clarity on whether their CISOs were included in their D&O coverage with full officer-level status. After the SEC brought charges against the CISO of Solar Winds in 2023, the inquiries have intensified.
But is clarity only required of CISOs? Similar questions also emerge relative to others, among them, compliance officers, “people” or HR officers, finance-related officials, heads of ESG and sustainability and, most recently, those leading artificial intelligence efforts – all individuals who carry important decision-making authority, and who may face legal and regulatory exposure as a result.
Legacy efforts at deliberate ambiguity may no longer work to provide companies the assurances that many of them desire. Does the term “officer” in a title, by itself, or formalities around appointment, automatically determine their status as “officers” under the policy? Perhaps. But if certainty is the expectation, is “perhaps” good enough?
The current workaround: endorsements
To address this, many US brokers and insurers have negotiated endorsements to include individuals by name or title within the definition of “Director and Officer” (or “Executive” or similar verbiage). To be perfectly clear, there is nothing structurally unsound with this approach. It addresses the need, it is customary under the circumstances and, worded properly, it should not be considered an approach with downside coverage risks. But it’s a shorter term solution and not an ideal longer term solution. It cuts against the grain of the policy’s intended breadth. It requires insureds to anticipate what roles might trigger coverage in future claims, and it adds burdens to policy negotiations and renewal processes.
In addition, these types of endorsements are not likely to scale well over time. As new roles are established and executive responsibilities expand, the approach risks falling behind. It also creates inconsistency among insureds with similar risk profiles.
A better approach: indemnification as the North Star
There is a more sustainable alternative to the endorsement that schedules individuals. As one of its core functions, D&O insurance is a backstop to corporate indemnification. Therefore, the definition of “Director and Officer” should be aligned with indemnification rights. If the corporation indemnifies an individual for claims arising from their duties, or would have indemnified them but for factors such as financial insolvency, that individual should be a “Director and Officer” under the policy. Wording exists in the market to achieve this, but it has not been widely adopted. It should be.
To be clear, the approach is intended to be an additional element of the definition, not a replacement of existing wordings. It is designed to reflect the economic reality of D&O coverage. It avoids the need for title-based distinctions and includes individuals based on the functions they perform and the exposures they face. It also syncs up coverage with actual risk management practices, which often involves indemnifying executives beyond traditional C-suite officer ranks.
Adopting an indemnification-based element of the definition provides several advantages:
- Clarity: It reduces uncertainty at the time of a claim.
- Flexibility: It recognizes evolving roles without the need for policy modifications.
- Efficiency: It simplifies underwriting and reduces reliance on narrowly worded endorsements.
- Consistency: It provides a standard that works across industries and corporate structures.
- Reliability: It ensures that individuals performing higher-risk functions, often at the direction of the board or senior leadership, are not left unprotected.
There’s an added benefit in the context of today’s marketplace. At a time when D&O insurers are pressing for rate stabilization, coverage innovation may present an opportunity for them to differentiate themselves.
Is this an issue with private company D&O?
The question of “Who is an Officer” is significantly less of a concern as it relates to private, not-for-profit company D&O policies. For these organizations, the term “Insured Person” is customarily defined to include all organization employees without Securities Claim or co-defendant limitations. Thus, the coverage applies to a wider variety of claims against any employee who commits or allegedly commits Wrongful Acts in their capacities as such – subject, as always, to the policy’s other terms and conditions.
Conclusion: a needed shift
Who qualifies as an “Officer” under a public company D&O policy isn’t an academic subject. It has real-world consequences for risk transfer, claims handling and recovery, and executive protection. As an industry, we should recognize that titles no longer define exposure – functions do. A modern D&O policy should reflect that by treating anyone the company indemnifies (or, in certain situations, would have indemnified) as an Insured Person. The less clear “would have indemnified” proviso can sensibly be addressed by, say, reliance on internal legal or board determinations.
This is not about expanding coverage. It’s about modernizing coverage to address the way companies operate today. The risks have evolved. How we address them should evolve too.
***
John M. Orr