The Dodd-Frank Act contains a number of controversial provisions, but perhaps none more so than mandatory payment of a substantial bounty to individuals who provide "original information" to the Securities and Exchange Commission (SEC) leading to fines in excess of US$1 million. These so-called "whistleblowers" are eligible to receive a minimum of 10 percent and a maximum of 30 percent of any fine levied by the SEC, providing a powerful new incentive for individuals to air their concerns about corporate conduct outside the organization.
The SEC has promulgated draft regulations that, if adopted, would somewhat circumscribe the broad reach of Dodd-Frank's statutory language. The SEC also has publicly announced its intention to carefully screen incoming reports for abuse. Nevertheless, it is reasonable to assume that there will be increased interest in "blowing the whistle" to the SEC rather than reporting information through internal channels. Indeed, some commentators predict that the Dodd-Frank bounty provisions have the potential for converting what would otherwise have been minor human relations disputes into occasions for regulatory inquiry.
Public companies are well-advised to review their internal compliance programs to ensure that they are well-designed to appropriately encourage employees to report problematic behavior internally.
The Bribery Act 2010, coming into force in the UK in April 2011, also necessitates that public companies operating in the UK review their whistleblowing policies, since the Bribery Act essentially requires organizations to have adequate procedures in place to combat bribery and corruption, and published guidance indicates that these procedures should include clear measures to deal with whistleblowing activities.
In light of the increased governmental encouragement of whistleblowing activity, companies should also analyze aspects of their directors' and officers' liability policies (D&O policies). Most D&O policies contain a coverage exclusion commonly referred to as the "insured versus insured" exclusion. Under these provisions, litigation brought by an individual or entity deemed an "insured" under the policy against another "insured" under the policy is excluded from coverage. Insured versus insured exclusions are intended to prevent collusion between insured parties at the expense of the insurance carrier, and are drafted in a variety of manners.
In some cases, carriers have sought to invoke broadly worded exclusions to deny coverage for regulatory investigations or private litigation ensuing from a whistleblower complaint. Given the absence of collusive activity in most whistleblowing contexts, these coverage denials have often caught companies off guard and have sometimes resulted in litigation with carriers in an effort to secure coverage for investigations or litigation flowing from whistleblower complaints.
Public companies should consider the following in advance of their next D&O insurance renewal:
- Many D&O insurance policies automatically cover employees for securities claims. Companies will want to ensure that this expanded coverage does not lead to unexpected problems should an employee later become a Dodd-Frank whistleblower. Confirm that your policy has a clear carve-back (i.e., a grant back of coverage) from the insured versus insured exclusion for employees. Unfortunately, insurers may not agree to permit this carve-back to include officers of the company.
- Re-examine the carve-back from the insured versus insured exclusion for whistleblowers that should already exist in the D&O policy. Often the whistleblower definition is too narrowly drafted. For example, a whistleblower carve-back that is defined with reference to Sarbanes-Oxley may not be helpful when dealing with a Dodd-Frank whistleblower. Ask the carrier to expand the definition of "whistleblower" appropriately. In some cases, it will be possible to include officers and directors in this carve-back from the insured versus insured exclusion.
- Obtain renewal coverage from a carrier that is willing to offer the newer, more policyholder-friendly "entity versus insured" exclusion. Unlike an insured versus insured exclusion, when a policy has only an entity versus insured exclusion, there would be still coverage for a claim that was brought against the company or an individual director or officer with the assistance of an individual insured under the policy. The entity versus insured exclusion would be triggered only if it were the company itself that was bringing or supporting the claim against an insured under the policy. One large carrier, Chartis, moved toward the entity versus insured exclusion in 2010 with the release of its newest D&O insurance policy form, and other carriers have followed suit.
- Re-confirm that your "Side A" D&O policy has no insured versus insured exclusion. Side A policies protect only directors and officers; the company is not an insured under the policy. Since Side A policies respond only when the company is financially or legally unable to indemnify directors and officers for an insurable matter, it is crucial that any Side A policy be comprehensive with as few exclusions as possible.
- Recognizing that both the UK Bribery Act and the US securities laws contain provisions that impose potential liabilities upon senior officers for financial and other irregularities that are common subjects of whistleblowing activity, it is essential that D&O policies provide adequate coverage to directors and officers should they face investigation by the UK Serious Fraud Office or US regulators.
Of course, requests for expansion of coverage under a D&O insurance policy often cause an insurance carrier to attempt to charge a higher premium. For most companies (especially those that are not financial institutions), however, the insurance market remains highly competitive. If negotiated properly, many of the enhancements listed above may be available for little or no additional premium. This is especially true for companies that are "good risks" – i.e., not in the midst of (or at high risk for) litigation. Where appropriate, a competitive bidding process that involves multiple insurance carriers will be helpful. This is especially so if the company compares not just price but insurance coverage terms and each carrier’s claims-paying experience as well.
Determining the correct course of action for an individual company and its officers and directors will depend upon a variety of factors including the company's willingness and ability to pay enhanced premiums, its risk retention levels, its ability to bear the risk associated with uninsured claims, the availability of coverage on preferable terms and other factors.