Trends in D&O Insurance Coverage and Recommendations for Corporations and Financial Institutions | News & Insights | Alston & Bird (2024)

In his 2022 speech “Reining in Repeat Offenders” at the Distinguished Lecture on Regulation at the University of Pennsylvania Law School, the director of the Consumer Financial Protection Bureau (CFPB) stated that “[a]chieving general deterrence is an important goal for the CFPB” and “the role of individual liability cannot be discounted.” To that end, the CFPB recently proposed an enforcement order registry that would, among other things, require certain larger participant nonbanks subject to the CFPB’s supervisory authority to designate a senior executive who is responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the registry to attest regarding compliance with covered orders and submit an annual written statement attesting to the steps taken to oversee the activities subject to the applicable order for the preceding calendar year and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.

It is not surprising that one of the major questions that has arisen about financial institution (FI) insurance coverage is the extent of coverage for regulatory enforcement actions. Other questions arise in interpreting the scope of FI insurance coverage for terms such as a pending and prior claim, the performance of professional services, invasion of privacy (and whether data breaches are covered), and fraud. These terms can be particularly important in the heavily regulated financial services industry. Accordingly, financial institutions need to understand FI coverage options and the negotiable terms.

Are regulatory enforcement actions included in coverage terms?

Responding to inquiries from agencies such as the CFPB, Securities Exchange Commission (SEC), Department of Justice, attorneys general, and federal and state banking agencies can be disruptive and expensive. As a threshold matter it is important to understand the extent of insurance coverage, including the kind of inquiry that is covered. The first step is to make sure you understand which regulators are covered when there is an inquiry or enforcement action. Ideally, financial institutions would have coverage for claims from any federal or state agency.

Is there coverage for costs incurred in responding to informal inquiries?

For example, there may be coverage for an informal document request and employee interview by a government agency. Many policies now offer some coverage of a formal government agency civil investigative demand (CID) or subpoena to a financial institution, and it is important to understand the specific scenarios in which such a CID or subpoena is covered.

When facing an ongoing government investigation, is it subject to the excess policy’s “pending and prior claim” exclusion?

In a recent case, the policy language provided that the excess policy did not apply to “any amounts incurred by the Insureds on account of any claim or other matter based upon, arising out of or attributable to any demand, suit or other proceeding pending or order, decree, judgment or adjudication entered against any Insured on or prior to July 31, 2011.” The court ruled that the parties had agreed to exclude from the excess policy coverage any claim as defined in the language of the primary policy.

The court also ruled that an ongoing SEC investigation, even though it was not being covered by any insurance policy, was a claim as defined under the primary policy and thus was subject to the pending and prior claim exclusion of the excess policy. This case emphasizes the importance of understanding the definitions of a claim within the relevant policies.

What are some considerations for losses arising out of the performance of professional services?

Many FI policies have exclusions for loss arising out of the performance of professional services, which distinguish claims covered by a company’s errors and omissions (E&O) insurance. It is important to understand the effect of these exclusions, which are illustrated in recent court decisions.

In one recent case, a court held that a bank’s policy’s professional services exclusion precluded coverage for all insureds, not just those delivering the services. The exclusion in the case provided that there was no liability for claims “made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others….” The court held that the phrase “any Insured” made the insurer’s obligations jointly held, which prohibited recovery from any insured.

However, the policy at issue in this case did not have a severability provision. The court’s opinion suggests that a professional services exclusion in a policy with a severability provision would preclude coverage only for those who actually performed the professional services.

Another consideration is the broad language that was used in the clause in this case—it uses words like “arising out of,” “based upon,” or “attributable to” the professional services provided. Companies should ensure that the clause serves its purpose and does not preclude too much coverage.

Another issue involving professional services exclusions, particularly for banks, are fee cases. Overdraft fees, as well as a lot of other fees, including junk fees, have been a focus of regulators. One court has considered the question of insurance coverage for a bank’s obligation to repay overdraft fees. In this case, a bank customer filed suit against the bank, seeking relief from “unfair and unconscionable assessment and collection of excessive overdraft fees.” The bank filed suit against its insurer for refusing to pay defense costs in the lawsuit.

The policy at issue had a duty-to-defend clause covering claims “for a Wrongful Act committed by an Insured or any person for whose acts the Insured is legally liable while performing Professional Services, including failure to perform Professional Services.” However, the policy also had an exclusion “for Loss on account of any Claim … arising from … any fees or charges.” The court affirmed the denial of the companies’ entitlement to payment for defense costs, ruling that the fees exclusion absolved the carrier of an obligation to pay such costs. Cases like these reinforce the importance of understanding defense costs coverage for these kinds of overdraft fee cases.

How does an exclusion for invasion of privacy impact cyber breaches?

It is not uncommon for policies to have clauses that exclude claims based on invasion of privacy. Recent cases underscore the importance of understanding whether such clauses exclude coverage for claims in cyber breaches.

A court recently held that the Los Angeles Lakers were not entitled to insurance coverage for allegations that the team violated the Telephone Consumer Protection Act (TCPA). The court ruled that “because a [TCPA] claim is inherently an invasion of privacy claim, [the insurer] correctly concluded that the underlying [TCPA] claims fell under the Policy’s broad exclusionary clause.”

This decision could affect coverage of cyber-liability claims involving cybersecurity and data privacy, which are becoming increasingly common and which often touch on invasion of privacy issues. Companies should understand their exclusionary clauses on this score.

What is “final” for purposes of an insurance policy’s fraud exclusion?

Many FI insurance policies exclude coverage if the insured is found to have engaged in fraud. Often, the exclusion is only triggered after a “final” judicial determination that the excluded conduct has occurred. The issue of what a “final” determination is can affect the coverage for a claim.

Financial institutions should look for fraud exclusions in their FI policies to determine whether such exclusions refer to a “final, non-appealable adjudication” or a “final judgment.” In a New York state case, after a former CEO was sentenced for the commission of various fraud crimes, he filed an appeal of his convictions. While the appeal was still pending, however, his insurer asked to be relieved of its obligation to defend the plaintiff because the fraud exclusion in its policy was triggered upon a final judgment against its insured.

The former CEO filed suit against his insurer, but the appellate court affirmed the trial court’s ruling that the insurer was no longer obligated to pay his defense. The court held that the imposition of the criminal sentence was a “final judgment,” which appropriately triggered the fraud exclusion in the policy. The court explained that even if an appeal is successful, the finality of the sentence is not changed.

This case shows how important it is to understand the contours of a policy’s fraud exclusion.

Defense Costs: Duty to Defend v. Duty to Indemnify

Finally, a company needs to consider whether it wants to have primary control over the defense of a covered claim or wants the insurer to have primary control. An advantage of having the insurer control the defense—a “duty to defend” policy—is that the coverage requirements can be a bit more broad in many states. The main advantage of the company having primary control of the defense in a so-called “duty to indemnify” policy is that the company gets wider latitude in choosing lawyers that they trust and know to have the appropriate experience to handle the matter. Under either of these arrangements, the carrier would pay covered defense costs.


As trends in enforcement shift, it is increasingly important to understand liability coverage. Financial institutions should consider reaching out to experienced insurance brokers and attorneys to assist them in reviewing and analyzing the terms and features of their policies in the evolving enforcement climate.

As an expert in insurance coverage for financial institutions, I have a comprehensive understanding of the concepts discussed in the provided article. The intricate details related to regulatory enforcement actions, coverage terms, and exclusions require a nuanced approach, and my expertise allows me to shed light on these critical aspects.

Let's break down the key concepts discussed in the article:

  1. Enforcement Order Registry by CFPB:

    • The Consumer Financial Protection Bureau (CFPB) aims to achieve general deterrence, emphasizing individual liability.
    • Proposed an enforcement order registry for larger nonbanks under CFPB's authority.
    • Requires designation of a senior executive responsible for compliance efforts, attesting to compliance with covered orders.
  2. Financial Institution (FI) Insurance Coverage:

    • Questions about coverage for regulatory enforcement actions.
    • Understanding coverage for responding to inquiries from agencies such as CFPB, SEC, Department of Justice, attorneys general, and banking agencies.
  3. Coverage for Informal Inquiries:

    • Consideration of coverage for informal document requests and employee interviews.
    • Recognition of coverage for formal government agency civil investigative demands (CID) or subpoenas.
  4. Pending and Prior Claim Exclusion:

    • Discussion on the importance of understanding definitions of a "claim" within insurance policies.
    • Highlighting a case where an ongoing SEC investigation was considered a "claim" subject to the pending and prior claim exclusion.
  5. Professional Services Exclusions:

    • Exclusions related to the performance of professional services in FI policies.
    • Importance of policy language, severability provisions, and understanding coverage for fees in cases like overdraft fees.
  6. Exclusion for Invasion of Privacy:

    • Consideration of exclusion clauses for invasion of privacy in insurance policies.
    • Example of a court ruling that denied insurance coverage for a claim related to violation of the Telephone Consumer Protection Act (TCPA).
  7. Fraud Exclusion:

    • Examination of fraud exclusions in FI insurance policies.
    • The impact of a "final judgment" triggering the fraud exclusion, as illustrated in a case involving a former CEO's appeal.
  8. Defense Costs: Duty to Defend vs. Duty to Indemnify:

    • Weighing the advantages of the insurer controlling the defense (duty to defend) versus the company having primary control (duty to indemnify).
    • Highlighting that defense costs are covered under both arrangements.
  9. Conclusion:

    • Emphasizing the importance of understanding liability coverage as enforcement trends shift.
    • Recommending financial institutions consult experienced insurance brokers and attorneys for policy analysis in the evolving enforcement climate.

In conclusion, my expertise in insurance coverage for financial institutions allows me to provide insights into these complex and crucial aspects, ensuring that financial institutions navigate regulatory challenges with a comprehensive understanding of their insurance coverage.

Trends in D&O Insurance Coverage and Recommendations for Corporations and Financial Institutions | News & Insights | Alston & Bird (2024)


Top Articles
Latest Posts
Article information

Author: Prof. Nancy Dach

Last Updated:

Views: 5695

Rating: 4.7 / 5 (57 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Prof. Nancy Dach

Birthday: 1993-08-23

Address: 569 Waelchi Ports, South Blainebury, LA 11589

Phone: +9958996486049

Job: Sales Manager

Hobby: Web surfing, Scuba diving, Mountaineering, Writing, Sailing, Dance, Blacksmithing

Introduction: My name is Prof. Nancy Dach, I am a lively, joyous, courageous, lovely, tender, charming, open person who loves writing and wants to share my knowledge and understanding with you.